Everything you thought you knew about cybersecurity could change completely. We don’t know exactly if or when this will happen, so now is the time to be aware of the possibility.
This shift is due to the rise of quantum computers, which can solve problems, and deploy encryption and decryption technologies, far beyond the capabilities of the regular computers we all use today. Their use is still limited, but from a cybersecurity and encryption standpoint, quantum computers represent a complete game-changer at the (theoretical) point at which they enter the mainstream.
Quantum Computing is a highly complex and technical subject, but understanding the basics – how it works, its potential security consequences, and how to stay protected – is crucial. We’ve created this guide to help you understand the risks posed by quantum computing, regardless of your level of technical expertise.
What is quantum computing?
Firstly, let’s start with a simple explanation of quantum computing, which is based on the principles of quantum mechanics. Unlike standard computers that use bits (which represent either 0 or 1), quantum computers use ‘qubits.’ Qubits can exist in a superposition of both 0 and 1 simultaneously, dramatically increasing computational power. Additionally, they can interact through a phenomenon called entanglement, allowing quantum computers to solve complex problems at unprecedented speeds.
Qubits are actual physical particles, which means they require very specific conditions within quantum computers to function properly. Due to this, they are housed in cryogenic containers at extremely low temperatures and isolated from the environments around them.
What are the benefits of using quantum computing?
Quantum computers can deliver vastly more computing power, allowing them to process much more data than a regular computer. In an era of exponential data growth and the rise of artificial intelligence (AI), these capabilities could prove instrumental in unlocking new technological opportunities.
However, the use of quantum computers in the wider world has been relatively limited so far, and there are several reasons for this. Protecting and cooling the qubits and developing quantum computers at scale can be a very expensive endeavor. As a result, only a small number of economically viable use cases have so far emerged where quantum computing is practical.
Since quantum computers operate on a probability basis, they aren’t always suited to tasks where 100% certainty is needed for results – even though they work much quicker than regular computers. Instead, they have proved useful in dealing with intensive workloads, such as scientific research, or conducting searches through vast databases at scale.
Why is quantum computing a cybersecurity threat?
One of the primary use cases that has emerged for quantum security so far is in cryptography. The more detailed nature of the qubits compared to regular bits means that far more complex methods of encryption can be applied, which cybercriminals will find much harder to crack.
From this initial development, the use of quantum computing in cryptography has gradually expanded but is held back from mainstream adoption by expense and practicality barriers. This means that while quantum cryptography (QC) can help keep communication and data transfer completely private through encryption, it still isn’t widely used to date.
However, there is also a major quantum computing threat to cryptography: just as quantum computers can be used to encrypt communications, they can also be just as capable of decrypting. While they may not be able to crack complex, quantum-level defenses, they would have little problem in picking apart standard measures such as the AES or RSA encryption that we all use today.
This type of decryption began with Schor’s algorithm, which was created by Professor Peter Schor at the Massachusetts Institute of Technology in the mid-1990s. It was expected that the algorithm would take years to crack asymmetrical encryption such as RSA, but thanks to the substantially faster processing power of quantum computers, it has been proven to be able to do so within minutes.
Which industries are most at risk from quantum computing threats?
The consequences of a scenario such as this would be globally catastrophic. A handful of powerful quantum computers could enable cybercriminals to break encryption, exposing vast amounts of sensitive data. Everything from leaking financial assets and personal information to government and national security systems could be compromised.
While almost every industry faces risks, four stand out as particularly vulnerable:
Banking
Even though the finance industry has invested heavily in encryption and security solutions for obvious reasons, these could potentially still be cracked by quantum computers. This puts billions of dollars, pounds, and euros of funds at risk, alongside the large-scale loss of highly sensitive data. If the same principle is applied to cryptocurrency, the blockchain and smart contracts that underpin the likes of Bitcoin could be dismantled, allowing anyone’s crypto holdings to be seized.
Government
The quantum computing threat to cryptography could also extend as far as national security if it allowed cybercriminals to gain access to classified documents and other highly sensitive military and defense information. At a public level, it could also lead to data such as tax information and social security numbers being seized for malicious purposes and the delivery of essential public services being disrupted.
Healthcare
There are two ways in which quantum-backed cybercrime could affect healthcare. The first is in the breaching of healthcare bodies’ data systems, which would allow the seizure of personal medical records and information. The other is in the disruption of data involved in important scientific research, which is vital to improving health outcomes, enhancing treatments, and ultimately saving lives in the years to come.
Cloud services
The use of the cloud for storing and processing data, and running key business applications, is now commonplace around the world. However, this huge wealth of sensitive information is a prime candidate for malicious quantum computing activity, given that it isn’t even being protected properly now: Thales research has found that only 11% of businesses are encrypting at least 80% of their cloud data.
How immediate is the quantum computing threat to cryptography?
Thankfully, not very – at least for now. At their current level of development, quantum computers are not capable of dealing with the amount of processing and data decoding that would be required to break through RSA encryption. Building one would take a long time and a large amount of investment to develop. At least at present, it’s well beyond the skill and resource capabilities of even the most sophisticated and well-funded cybercriminal operations.
However, because there is a theoretical possibility of such a quantum computer being created, security authorities are taking no chances in protecting against the consequences. For example, in the United Kingdom, the National Cyber Security Centre has published official advice on the threat of quantum computing and what can be done about it. Currently, there are plenty of steps that organizations can take now so that they are better prepared for whatever the future might hold.
What can you do to protect your business from quantum computing threats?
The threat of quantum computing to cybersecurity is not an immediate one, but if the threat does emerge, the speed of attack and the spread of the consequences could be extremely rapid. That’s why it’s worth looking at some initial preventative measures, including:
Adopting hybrid encryption approaches
Several innovations are currently being developed that apply some of the principles of quantum mechanics to regular cybersecurity. These include Quantum Key Distribution (QKD) and Quantum-Safe Cryptography (QSC); the latter is intended to develop encryption as mathematical problems that even quantum computers would not be capable of cracking.
Staying aware of new cybersecurity development
Security and encryption experts around the world are working hard at developing standardized methods of quantum-safe encryption. In August 2023, the National Institute of Standards and Technology (NIST) in the United States introduced the first post-quantum encryption standards (FIPS 203, 204, and 205).
This means that, in time, organizations will be able to access certain security standards and protocols that are quantum-safe and compliant. It’s therefore important that security teams watch developments in this area closely so they can put new security measures in place at the earliest opportunity.
Avoiding non-standardized solutions
Bodies such as the NCSC have warned against adopting QSC solutions now before the new standards have been put in place. They have cited concerns about a lack of product verifiability and a potential lack of interoperability with the standardized solutions once they become available. Jumping the gun with emerging solutions now risks expensive reinvestment further down the line.
What role does AI have to play in quantum computing cybersecurity?
As with almost any technology, the potential impact of artificial intelligence must be considered. While any real combination of AI and quantum computing in cybersecurity is still a long-term aspiration, the potential of this combination means it must be kept in mind.
So far, quantum computing has been heavily linked to artificial intelligence because its computing power has proved extremely useful in developing machine learning (ML) models and Natural Language Processing (NLP).
At present, it isn’t sustainable or viable to run AI algorithms on quantum computers. However, in time, the combination of quantum computing and AI could prove instrumental in developing even more complex and indecipherable encryption algorithms. Furthermore, the data-driven insights that AI can generate could be able to accurately predict the risk of certain attacks on data, systems, and applications, helping to ensure that the right protections are applied in the right places.
While quantum computing poses future risks to encryption, current cybersecurity threats, such as malware, phishing, and ransomware, are still the primary concern. Until quantum-resistant encryption becomes widely available, businesses and individuals should focus on maintaining strong cybersecurity practices with trusted solutions to defend against the onslaught of sophisticated and emerging cyberthreats.
Related Articles:
- What are the Security and Privacy Risks of VR and AR?
- What is the Deep and Dark Web?
- What is Blockchain Security?
Related Products:
