Businesses must not be afraid but ready for Y2Q - Freha Arshad and Tom Patterson

By Freha Arshad and Tom Patterson
Published 21st Jul 2023, 07:00 BST
Updated 2nd Aug 2023, 11:54 BST
Comment
Over the past few years, we’ve made huge steps towards making quantum computing a reality. It has the potential to bring substantial benefits to many organisations and make exciting new breakthroughs in science.

But the benefits of this new era of supercomputing comes with risk in equal measure when it comes to the realm of cryptography. It is estimated that it would take a powerful quantum computer just seconds to break the same RSA encryption that would require trillions of years from our current computers – rendering our encryption models obsolete.

Business leaders cannot afford to be intimidated by the technical nature of such developments and must recognise the threat they pose. Cryptography is often overlooked, but it is essential for the security of all transactions over the internet. Without it, online banking transactions could be compromised, the confidentiality of classified information and personal data could be breached, and the integrity of digital signatures and certificates undermined.

Hide Ad
Hide Ad

With the technology progressing at an accelerated pace, quantum computing threatens to break current encryption keys by the end of this decade – if not sooner. Massive efforts were undertaken to address the Year 2000 (Y2K) bug. But because the “years to quantum”—or Y2Q—cannot be definitively predicted, many have postponed preparations.

​Freha Arshad, Scotland Security Lead, Accenture​Freha Arshad, Scotland Security Lead, Accenture
​Freha Arshad, Scotland Security Lead, Accenture

When it inevitably does happen, unprepared organisations at every level and in every sector risk falling victim to cybercrime and disruption. Cybercriminals are also aware of the proximity of post-quantum vulnerability. Many have already adopted a “hack now, crack later” approach, stockpiling stolen data for decryption later.

Scottish organisations must therefore prepare for the threat of post-quantum decryption now, to protect their organisations from potential future data breaches.

The task of overhauling encryption as we know it therefore sounds like a tall order, however the concept of ‘crypto agility’ is quickly being established as the best place for businesses to go. This creates the ability for an organisation to quickly rotate its processes and cryptographic technology based on real-time threats. This nimble approach to cryptographic security means organisations can continue to operate securely whilst they replace or update compromised keys and certificates - without impacting the functions of critical infrastructure. Crypto agility works for enterprises today.

There is a misconception that becoming crypto-agile requires a high-level knowledge of quantum computing and a large investment of time and manpower. The good news is that software and services exist to support business leaders in launching their organisation’s journey to crypto-agility. These are capable of the three phases of journey to post-quantum security: 1) Creating your strategic roadmap, 2) Discovering at-risk cryptography, and 3) Deploying crypto agility with access to the latest algorithms.

A Filipino technician (2nd R) installs an American-made Cybergeddon PC enhancement card in a computer to demonstrate its features in eliminating the Y2K millennium bug problem, while prospective clients look on at a trade display booth at the international conference on the Y2K problem in Manila 03 March. Experts from Japan and Hong Kong said their countries were on par with the Western world in putting in place remedies to deal with the Y2K problem in critical sectors of their economies. AFP PHOTO/ROMEO GACAD (Photo by ROMEO GACAD / AFP) (Photo by ROMEO GACAD/AFP via Getty Images)A Filipino technician (2nd R) installs an American-made Cybergeddon PC enhancement card in a computer to demonstrate its features in eliminating the Y2K millennium bug problem, while prospective clients look on at a trade display booth at the international conference on the Y2K problem in Manila 03 March. Experts from Japan and Hong Kong said their countries were on par with the Western world in putting in place remedies to deal with the Y2K problem in critical sectors of their economies. AFP PHOTO/ROMEO GACAD (Photo by ROMEO GACAD / AFP) (Photo by ROMEO GACAD/AFP via Getty Images)
A Filipino technician (2nd R) installs an American-made Cybergeddon PC enhancement card in a computer to demonstrate its features in eliminating the Y2K millennium bug problem, while prospective clients look on at a trade display booth at the international conference on the Y2K problem in Manila 03 March. Experts from Japan and Hong Kong said their countries were on par with the Western world in putting in place remedies to deal with the Y2K problem in critical sectors of their economies. AFP PHOTO/ROMEO GACAD (Photo by ROMEO GACAD / AFP) (Photo by ROMEO GACAD/AFP via Getty Images)

In the face of this looming risk, Scottish business leaders across both public and private sectors must act now and not delay their preparations. Updating encryption algorithms throughout an enterprise is a time-consuming process and must be completed before the threat emerges. They must prioritise crypto-agility by working towards adopting quantum-resistant encryption algorithms and regularly updating their security protocols. Being proactive will ensure continued data protection regardless of the coming threat. It is the fiduciary responsibility of business leaders to secure their organisations’ information systems and recognise the urgency of this issue. The time to start is now.

​Freha Arshad, Scotland Security Lead, Accenture and Tom Patterson, Global Lead for Accenture Quantum Security

Comment

Comments

 0 comments

Want to join the conversation? Please or to comment on this article.