"Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations Consider Implications of Quantum Computing"
According to a new Deloitte study, 50.2 percent of professionals at organizations considering the benefits of quantum computing believe their organizations are vulnerable to 'Harvest Now, Decrypt Later' (HNDL) cybersecurity attacks. Threat actors use HNDL attacks to steal data from unsuspecting organizations, expecting that the data can be decrypted later when quantum computing becomes sufficiently mature to render some existing cryptographic algorithms obsolete. Colin Soutar, Ph.D., US quantum cyber readiness leader, says it is encouraging to see that many organizations aware of quantum computing are also mindful of the emerging technology's security implications, but it is important to note that HNDL attacks are something that all organizations will face in a post-quantum world. As quantum awareness grows in boardrooms, C-suites, and security teams, organizations must prepare for post-quantum cyber risk management. Timing for organizations to assess potential post-quantum encryption vulnerabilities varies according to the professionals polled. Almost half of those polled believe their organizations will complete the work within the next 12 months, if not sooner. Another 16.2 percent anticipate conducting such quantum risk assessments within the next two to five years. Respondents indicated that their organization's quantum computing security risk management efforts will most likely advance due to regulatory pressure to adopt legislation or policies or leadership demand. They will be expected to enable the cryptographic agility that can address the algorithms rendered obsolete by quantum computing. Other respondents' organizations appear to be waiting and seeing. According to some, it would take a cyber incident involving their organization to drive quantum security risk management efforts. This article continues to discuss key findings from Deloitte's new survey of over 400 professionals from organizations that have already considered quantum computing's benefits.