Quantum Computing Attacks Still Years Off, but “Hack Now Decrypt Later” Presents Immediate Cyber Risk


Quantum computing attacks, which are feared to utterly break modern encryption on the internet, are still about a decade from being viable. They are widely seen as an inevitability, however, and that has not stopped attackers from preparing well in advance. A new poll from Deloitte finds there is an immediate and significant cyber risk from “harvest now decrypt later” (HNDL) attacks, in which attackers steal encrypted information and simply sit on it until quantum computing advances make it trivial to crack.

Among other findings, a little over half of the IT professionals surveyed say that their organizations are presently at risk of HNDL attacks. But fewer than half are presently on top of their analysis of this emerging cyber risk, and about 11% say there will need to be a cyber incident (the point at which it is far too late) before their leadership will be driven to do something about the threat.

Seemingly distant cyber risk already in the early exploitation stages

The Deloitte poll included the input of over 400 IT professionals working at organizations that are actively considering the benefits of quantum computing, though not necessarily the new level of cyber risk that accompanies it. Only a little over 26% said that they have completed a risk assessment at this point. 18% have plans to do it this year, and 16% say that they will do it in the next two to five years. 13% say they either do not plan to do it for more than five years or have no intention of doing it at all.

Roughly the same amount of organizations that plan to perform a cyber risk assessment well before quantum computing is expected to become a threat, a little over half of all respondents, also feel that HNDL is an immediate threat to their organization. 21% do not feel it is a threat, and 28% do not know.

What would push some of the more reluctant organizations to take quantum computing threats seriously? 27% of respondents said that it would take regulatory pressure. 20% believe leadership will have to be convinced to demand change, 15% think change will be sparked if competitors are observed doing it, and 11% said it would take nothing less than getting hit with a quantum computing attack to move the…

Source…