The Challenge Ahead
While PQC is one of the best precautions we can take for the world of quantum computing vulnerabilities, there is a two-fold problem with implementing the necessary protection.
Firstly, there is a high cost associated with updating to a new security standard. Upgrading legacy systems can be costly for businesses. This is often down to the incompatibility of existing protocols, the inadequacy of a company’s inventory of all the vulnerable nodes in their IT system that require upgrading (made even more difficult when third party vendors are involved), along with efforts to make these changes over longer periods to help manage costs. This is exacerbated further when we consider any possible resistance from management, who might question the need to trade out existing security systems for a risk that isn’t fully realised yet.
The second challenge is the question of data interception where data has been stolen, but not decrypted. The concept of a “harvest today, decrypt tomorrow” hack has given cause for concern for infosec professionals as information that has previously been compromised might risk decryption from a quantum computing system in the future. Paolo Cuomo, our Director of Operations, believes this to be an issue for the security specialist of today, not a few years down the line when quantum computers become more prevalent.
In a recent piece for LinkedIn, Paolo shared his thoughts: