A global research survey of information security professionals released today found that most believe advancing technologies will break longstanding encryption standards within the next two years, according to a survey conducted in October 2021 by Dimensional Research for Cambridge Quantum.
The report also suggested that most organizations are not ready to defend against encryption attacks but plan to be by 2023, according to the report which evaluated the opinions of more than 600 cybersecurity professionals across industry and government. According to the findings, only 21 percent of the security professionals feel prepared for advancing encryption attacks while another 38 percent say their organizations will be ready within the next two years.
Other highlights include:
● 70% of respondents expect new and evolving technologies will compromise existing
● 60% anticipate these advances will defeat current encryption as early as 2023
● 75% acknowledged that quantum-enabled attacks will defeat current encryption
● 80% of respondents are worried that a quantum-enabled attack could occur “without
● 86% confirm they adhere to regulations requiring critical data protection for an extended
period with nearly half needing to protect data for five years or more. Data that must be
secured over time is vulnerable to “hack now, decrypt later” tactics currently being
employed by adversaries who will use powerful quantum computers when available.
While some experts may feel ready, that readiness is not reflected in company budgets. Only one in five indicate any budget allocation to address the issue and even fewer have started researching quantum threats and possible solutions.
Knowledge of quantum security appears widespread among quantum experts. Nearly half of the survey respondents indicated they are quantum security knowledgeable. However, they admit key challenges in building a quantum defense, including lack of in-house expertise, immature solutions, and undefined post-quantum encryption algorithms. Just 13 percent have purchased a solution to start enabling a quantum defense.
“Cybersecurity professionals appear to appreciate the advancing threat to current encryption standards and say they will be ready in time. However, there appears to be little real movement within organizations towards preventing a potentially catastrophic loss of critical data, despite the associated financial and legal consequences,” said Duncan Jones, head of quantum cybersecurity for Cambridge Quantum (CQ). CQ is now part of Quantinuum.
Jones said in a news release that the strategy being implemented by adversarial nations and other bad actors to steal encrypted communications today for later decryption with quantum computers should especially concern those organizations required to protect critical data over several years or more.
“Organizations with data in the cloud or IoT devices in the field should move quickly to strengthen encryption against existing threats as well as those posed by quantum attackers in the future,” Jones said. “Financial institutions, healthcare, governments and other entities protecting critical data should ensure their security foundation is as strong as possible today, as well as future-proofed for tomorrow.”
Jones said organizations can move towards using post-quantum algorithms, such as those
being standardized by the NIST post-quantum cryptography process, as well as consider
bolstering current encryption defenses by leveraging quantum-enhanced cryptography.