What's Happening?
At Infosecurity Europe, security leaders emphasized the urgent need for businesses to accelerate their transition plans to post-quantum cryptography (PQC). Rik Ferguson, VP of security intelligence at Forescout, highlighted the slow adoption of PQC, with
only 8% of SSH servers worldwide supporting it. The countdown to cryptographically relevant quantum computers has begun, posing risks to encrypted data. Despite the potential disruption quantum computing could bring by 2030, many businesses have not prioritized PQC in their strategic plans.
Why It's Important?
The slow adoption of post-quantum cryptography poses significant risks to data security as quantum computing advances. Businesses that fail to transition to PQC may face vulnerabilities in their encrypted data, which could be exploited by adversaries. The urgency to adopt PQC is underscored by the potential for harvest-now-decrypt-later attacks, where encrypted data is collected now to be decrypted later when quantum computing becomes viable. This highlights the need for proactive security measures to protect sensitive information.
What's Next?
Businesses are encouraged to start planning for PQC now, following a roadmap that includes strategy, inventory, planning, migration, testing, and monitoring. The G7 Cyber Expert Group has urged similar actions, with planning phases expected to begin around 2028-29. As quantum computing technology advances, companies must prioritize PQC to safeguard their data against future threats. This may involve revising procurement strategies and enhancing crypto-agility efforts.
