Intelligent CISO Issue 59 | Page 33


Preparing for a ‘quantum’ world in 2023

Neil Thacker, CISO EMEA at Netskope, says the fact that new standards for post-quantum cryptography are coming is a hugely positive step forward in the constant evolution of security and why the transition to these standards will be one of the biggest transformational challenges facing security teams in the next decade.

Every few decades, the foundations of the cybersecurity world are dug up and a new encryption standard is established in its place. It started in the 1970s with the Data Encryption Standard (DES), which at the turn of the Millennium was replaced with the Advanced Encryption Standard (AES). On both occasions the new standards were designed to future-proof and protect digital infrastructure from the advances in computing. Today, with rapid developments occurring in Quantum Computing, we need to make this change once again.

Quantum Computing has been making headlines since 1995, when it was hypothesised that a quantum computer with sufficient qubits could use Shor’s algorithm to break public-key encryption.
While real-world implementations of quantum computers are still years away, the issue of post-quantum security has urgency due to the threat of ‘hack now, crack later’ attacks. This approach sees threat actors gathering encrypted data today through a range of data theft approaches, and storing it until a quantum computer powerful enough to break the encryption becomes available. Although delayed, this model anticipates threat actors, especially state-sponsored groups, accessing potentially critical intellectual property, secure communications and state secrets.

Fortunately, the National Institute of Standards and Technology (NIST) has been searching for a new encryption standard that would be resistant to post-quantum compromise. The new standard is being referred to as post-quantum cryptography (PQC). In July last year, NIST published four finalists after a global effort to set new standards which are due to be finalised in 2024. The US Government has already mandated that all agencies and departments start adopting PQC standards by 2025.

The announcement of this timeline sounded the starting gun on what will be one of the most challenging change management projects over the next decade or so.
Start by knowing your data
In order to prepare for a post-quantum world, you need to understand where you are reliant on potentially vulnerable encryption and what it is protecting. You