That said, we’re starting to see more organisations and business leaders take a closer look at encryption and how it’s implemented.
Hopefully, the next step is understanding where it’s implemented, how critical those areas are to the business and whether any data isn’t encrypted that should be.
That’s what will give them a realistic sense of their exposure and risk when “Q-Day” — the unofficial term for the day a Crypto-Relevant Quantum Computer (CRQC) is available — hits.
On the political front, this conversation is only just beginning.
Several countries are running quantum-related tests, like Quantum Key Distribution.
This shows there is some attention being paid, which is a great start. However, we need to quickly increase awareness and knowledge levels.
What types of data are most at risk from quantum-enabled attacks?
Anything involving IP or PII is at risk of quantum-enabled attacks. In particular, data held by organisations in sectors like defence, high tech and pharmaceuticals is already a prime target for foreign governments looking to use their quantum capabilities.
If an intelligence agency could decrypt and access that information, it would be a major strategic win.
Right now this is where most of the interest lies, but as we get closer to the day when a commercially viable CRQC becomes available, the scope will broaden significantly.
At that point, any data with business value — whether for competitive advantage or broader industry and national espionage — will be at risk.
