This blog was written by an independent guest blogger.
Although commercial quantum computing may still be decades away, government agencies and industry experts agree that now is the time to prepare your cybersecurity landscape for the future. The power of quantum computing brings security complexities that we are only beginning to understand.
Even now, our cybersecurity climate is getting hotter. The average cost of a data breach reached an all-time high in 2021, and the attack surface grows larger by the minute. There has been a significant increase in the number of connected devices used to access business email and intranet since more organizations have transitioned to remote and hybrid work models.
With quantum computing looming in the not-so-distant future, the way that we think about encryption will need to evolve. Most of our current online privacy protocols utilize cryptography to maintain privacy and data integrity. However, the complex math behind creating encryption keys is no match for the power of quantum computers.
Although IBM hopes to make a 1,000-qubit machine by 2023, widespread adoption of quantum computing is still decades away. Take advantage of this time to develop the cybersecurity infrastructure that your organization needs to prepare for the future of quantum computing.
What is quantum computing?
Quantum computing focuses on developing computer technology based on principles that describe how particles and energy react at the atomic and subatomic levels. Today’s computers encode information in 1’s and 0’s. Quantum computing says that information can be encoded simultaneously in more than one place.
While the science is a bit muddy for those who are not quantum theory experts, we can all agree that quantum computing is faster than any other computing technology. In fact, the quantum computer that is in development at Google is 158 million times faster than the world’s fastest computer today.
Digital transformation has already spurred an increase in demand for web designers and developers, and web development is one of the fastest-growing career fields in the United States right now. In the future, quantum computing has the potential to contribute to finance, military intelligence, pharmaceutical development, aerospace engineering, nuclear power, 3D printing, and so much more.
What are the security risks?
The most significant impending security risks associated with switching over to quantum computers are related to cryptographic encryption. The global internet economy relies on cryptography as the foundation for a secure network. The complex algorithms used to create public and private keys to decrypt encrypted data do not hold up in a quantum environment.
The basic idea behind cryptographic encryption is that anyone who wishes to read an encrypted file must have the key, or code, to unlock it. The longer the key, the longer it takes for a computer to crack, and the more secure your files are.
To put this in perspective, it took a group of 300,000 people and four years of work to crack a 64-bit key in 2002. With 128-bit key encryption, it could take trillions of years to find a matching key.
Recently, NIST raised the industry standard for key length from 128 bits to 256 bits to increase security and prepare users for the future of quantum computing.
But cryptography is only one piece of the puzzle. Even if you implement the most secure encryption and signing practices, it won’t stop someone from opening a malicious file attachment or clicking on a misleading link. Software flaws, misuse of access, and other human-related problems could cost companies an unfathomable fortune in the quantum age.
How to protect yourself
Several technologies such as 5G, machine learning AI, and quantum computing have made huge advancements toward digitization. But, often, new technology rolls out before all of the kinks have been discovered and resolved. You could say that we are experiencing this problem with legacy cybersecurity systems.
Since the theory behind quantum computing will make our current encryption protocols obsolete, organizations should focus on creating a unified cybersecurity ecosystem to monitor the network, discover vulnerabilities, and mitigate security issues.
Here are a few things companies can do to protect themselves from future risks:
Adopt industry security standards
COVID-19 forced the world to find new ways to communicate, work, and conduct business, with most people finding their “new normal” by using digital online tools and connected devices. This influx of new internet users increased digital deployments, and the advent of the remote work movement caused security vulnerabilities for businesses and consumers to rise significantly.
NIST’s new industry standards say that the encryption strength of your keys should be at least 128 bits for low-impact data, 192 bits for moderate-impact data, and 256 bits for high-impact information.
In addition, achieving ISO compliance also helps protect your organization by requiring cybersecurity tools for asset discovery, vulnerability assessment, continuous security monitoring, and event reporting.
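As an added example (not part of the original post), the key-strength floors quoted above can be turned into an inventory check. The comparable-strength tables for RSA and elliptic-curve keys are taken from NIST SP 800-57 Part 1; the function names and the sample inventory are constructed for illustration.

```python
# Added example: audit a key inventory against the strength floors quoted above.
from bisect import bisect_right

# Minimum security strength (bits) per data impact level, as stated in the article.
REQUIRED_BITS = {"low": 128, "moderate": 192, "high": 256}

# Comparable strengths from NIST SP 800-57 Part 1: (minimum key size, strength in bits).
RSA_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
ECC_STRENGTH = [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)]


def security_strength(algorithm: str, key_bits: int) -> int:
    """Estimated classical security strength in bits for an algorithm/key size."""
    algorithm = algorithm.upper()
    if algorithm == "AES":
        if key_bits not in (128, 192, 256):
            raise ValueError(f"invalid AES key size: {key_bits}")
        return key_bits
    table = {"RSA": RSA_STRENGTH, "ECC": ECC_STRENGTH}.get(algorithm)
    if table is None:
        raise ValueError(f"unknown algorithm: {algorithm}")
    # Pick the largest table row whose key size does not exceed the actual key.
    idx = bisect_right([size for size, _ in table], key_bits) - 1
    return table[idx][1] if idx >= 0 else 0


def audit(inventory):
    """Return (name, strength, required) for every key below its impact-level floor."""
    findings = []
    for name, algorithm, key_bits, impact in inventory:
        strength = security_strength(algorithm, key_bits)
        required = REQUIRED_BITS[impact]
        if strength < required:
            findings.append((name, strength, required))
    return findings


# Constructed sample inventory: (asset, algorithm, key size in bits, data impact level).
SAMPLE_INVENTORY = [
    ("web-tls-cert", "RSA", 2048, "low"),
    ("backup-volume", "AES", 256, "high"),
    ("hr-db-tde", "AES", 128, "moderate"),
    ("code-signing", "ECC", 384, "high"),
    ("vpn-gateway", "ECC", 256, "low"),
]

if __name__ == "__main__":
    for name, strength, required in audit(SAMPLE_INVENTORY):
        print(f"{name}: {strength}-bit strength, {required} required")
```

Note that an RSA-2048 key falls below even the low-impact floor, because its comparable strength is 112 bits rather than its nominal key length.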
Implement Zero Trust
Meeting industry security standards, mandated or not, will help you with the technical side of cybersecurity, but implementing zero-trust authentication protocols can help to reduce risks associated with human error.
Scammers are clever, and they tend to use social engineering tactics to build trust with their intended victims so that it is easier to exploit them for their credentials, money, or data. Phishing and spoofing attacks are popular forms of social engineering where an attacker pretends to be a trusted user to infect a network with malware or get their hands on high-level login information.
Phishing and spoofing attacks can be highly covert. In fact, a whopping 30% of phishing emails and SMS messages get opened by targeted users. Another 12% of those users click on the malicious attachment or link.
Zero-trust protocols help reduce the impact of phishing and other social engineering attacks by delegating privileges based on necessity instead of position in a company. This protects crucial data from leaking out in case credentials are breached since no one individual is trusted with “the keys to the kingdom,” so to speak.
Deploy automated tools
Many cybersecurity protection procedures are meant to limit the impact that human error can have on an organization. Manually scanning your network, mitigating vulnerabilities, and responding to data breaches opens the door to more mistakes and puts a limit on productivity.
That’s why organizations at the cutting edge of security choose to deploy automated tools to help them maintain the integrity of their network. Not only do automated tools work at higher speeds, but they can also analyze data with incredible detail within a timeframe that humans can’t match.
A recent study about cybersecurity adoption reported that 95% of businesses have already automated some cybersecurity processes. The report also highlighted that 98% plan to automate even more of their manual security processes in the upcoming year. This also implies that businesses that don’t automate their security protocols could lag behind.
Implement managed threat detection
Transitioning to a quantum-resistant cybersecurity plan sounds intimidating, which is why it can be helpful to have skilled experts on your side. The best way to ensure that your cybersecurity ecosystem remains intact is to implement managed threat detection through a trusted company. A managed threat detection and response service can help you arm your business with high-quality security tools and provide continuous monitoring and response support when you need it the most.
Quantum computing will change everything from apps to internet search, web development, cybersecurity, and beyond. It’s wise to stay one step ahead of current technology trends so that when new features are released, your organization is already equipped with the knowledge and tools it needs to weather the dawning of a new age.