Quantum computing could do a lot of good for the world, but it also raises serious security concerns. Any technology that powerful could cause significant damage if cybercriminals get ahold of it, so cybersecurity professionals must prepare for a post-quantum future. But how much time do they have?
The United Nations has labeled 2025 the Year of Quantum Science and Technology, reflecting the growing importance of understanding this field. Businesses should consider how quantum computing could both help and hurt their data security before the risk grows too severe.
What security risks does quantum computing pose?
The primary cybersecurity concern over quantum computing stems from its ability to solve challenging problems quickly. Conventional cryptography works by encoding data in a highly complex cipher. Because the code is so complicated, trying every possible combination to break it without a key would be highly impractical. It’s technically feasible but would take even the most powerful modern computer years.
Quantum computing does not face the same limits. What’s practically impossible for a conventional machine is fairly easy for a quantum one. Consequently, today’s encryption algorithms would provide little protection against quantum threats, which could brute-force their way through them in seconds.
When will quantum computing be a prominent threat?
Quantum computers are not yet accessible or reliable enough to be a cybersecurity threat, but they could reach that point soon. Several companies believe they will have usable quantum machines by 2030, and some data may be at risk before such systems are even commercially available.
While much information has a limited useful life span, some — including names, addresses, and financial details — remain relevant for years. Cybercriminals could steal this data from encrypted databases today and wait until quantum resources become accessible to decrypt it.
In light of this possibility, quantum computing is technically already a threat. Past data breaches have affected as many as 1.5 billion users in a single hack. Such large-scale attacks mean cybercriminals may be sitting on vast piles of information ready to be decrypted once it’s possible.
Quantum computing may take another five years to reach the point of usability and reliability, but a lot of data would still be relevant by then. Threat actors may have already begun harvesting encrypted information, so the time to take quantum security seriously is now.
Steps to protect against quantum security risks
While quantum cyber threats are a worrying prospect, they don’t spell the end for data security efforts. Cybersecurity leaders can protect against them in a few ways.
1. Use quantum-resistant cryptography
The most important step is to transition to new encryption methods. Quantum machines can break conventional cryptography, but the government has already approved three quantum-resistant algorithms and released information on how to implement them.
Quantum-resistant cryptography uses a different mix of mathematical problems to encode data. These steps are enough to block brute-force attempts from both quantum and classic computers, so the sooner organizations can switch to them, the better.
It may take time and investment to adopt these new standards. The best way to manage this obstacle is to focus on bringing post-quantum encryption to the most sensitive and long-lasting data first before rolling it out to less vulnerable information.
2. Go beyond encryption
It’s also important to consider protections outside of cryptography. As vital as encryption is, it’s not a perfect solution, especially as quantum threats rise. However, any cryptographic shortcomings are a smaller concern if it’s harder to steal encrypted data in the first place.
Better data security begins with collecting less sensitive information. Companies should only gather what they need and consider using synthetic data to replace real-world data in some applications to avoid privacy breach concerns. Minimizing access permissions and monitoring for suspicious activity in real-time will also help.
Zero-trust frameworks — which 63% of organizations worldwide have already at least partially implemented — are also crucial. Greater attention to and restriction on data access will make quantum decryption less threatening by stopping attacks before they reach that point.
3. Take advantage of quantum AI
Businesses can also use quantum technology for their own gain. The same power that makes it such a serious security threat makes it a valuable tool for bolstering technical defenses.
AI, in particular, stands to gain much from quantum computing. Quantum AI could offer better anomaly detection and incident containment than today’s systems. As a result, cybersecurity teams would be able to detect and respond to attacks far faster.
Quantum AI could also enable more thorough penetration testing and vulnerability management. Proactive strategies like this will ensure teams can improve their defenses before a quantum-enabled cybercriminal finds its way through the gaps.
Quantum computing is both an advantage and a threat
Any technology is merely a tool, which means its benefits and disadvantages depend on how people use it. Just as AI can be both a boon and a risk, quantum computing could either improve security efforts or jeopardize them. The key to ensuring the former while preventing the latter is preparing for a post-quantum future before cyber criminals do.
