Quantum Computing is "Harvesting Now, Decrypting Later"
Let me be blunt: your data is already insecure.
Not being cracked today, but being stored away to be decrypted when quantum computers mature. This type of attack is called "Harvest Now, Decrypt Later," and it's happening right now.
The Problem is More Urgent Than You Think
Quantum computing is often seen as a distant theoretical threat. Ronit Ghose, Global Head of Future of Finance at Citi Research, points out that this mindset is putting financial services at risk.
"Your encrypted data is already being stolen: Quantum computing is often treated as a distant, theoretical cybersecurity issue. That mindset is already putting financial services at risk."
This is not alarmist. Current public-key encryption (RSA, ECC) will be vulnerable in the face of sufficiently powerful quantum computers. Shor's algorithm can factor large integers in polynomial time, meaning that 2048-bit RSA keys will be rendered useless.
The Timeline Question
The core question is not "whether quantum computing will arrive," but "when it will arrive."
- Optimistic estimate: Practical quantum computers within 5-10 years
- Conservative estimate: 15-20 years
- Reality: Data lifecycles can be as long as 10-20 years
If the data you encrypt today will still be sensitive in 15 years (medical records, financial data, national secrets), then you are already at risk.
Progress in Post-Quantum Cryptography (PQC)
The good news is that solutions are on the way. NIST standardized the first batch of post-quantum cryptographic algorithms in 2024:
- CRYSTALS-Kyber: For key encapsulation
- CRYSTALS-Dilithium: For digital signatures
- SPHINCS+: Stateless hash-based signatures
The bad news is that migrating to these algorithms takes time—potentially years for large organizations.
A New Dimension of Supply Chain Security
This is not a problem for a single organization to defend against. An interesting case: A Chrome extension was discovered to be stealing corporate data and 2FA codes.
"Una estensione Chrome ruba i dati aziendali e i codici 2FA" — Red Hot Cyber
This reminds us that basic security is still full of vulnerabilities before considering the quantum threat. Supply chain attacks, third-party risks, authentication bypasses—these problems will not disappear with the advent of quantum computing.
The Intersection of AI and Cybersecurity
A trend to watch: AI + cybersecurity is becoming a huge career opportunity.
"AI Cybersecurity will be a huge career opportunity." — @vihanjain
This is not only about defending against AI-driven attacks, but also about using AI to enhance security operations: threat detection, anomaly identification, automated response. But AI also brings new risks—model poisoning, adversarial examples, security decision errors caused by hallucinations.
Practical Advice for Businesses
- Inventory encrypted assets: Identify which data needs long-term protection
- Develop a PQC migration plan: Don't wait until the last minute
- Strengthen basic security: VAPT (Vulnerability Assessment and Penetration Testing) should not be a one-time project, but a continuous lifecycle
- Focus on the supply chain: Every third-party tool is a potential attack surface
- Invest in talent: Talent that understands both AI and security will be extremely scarce
Conclusion
The quantum threat is not science fiction, but a mathematical fact. The only difference is whether you prepare now or remedy after the attack occurs.
The choice is in your hands. But remember: attackers are already behind you, collecting all the data you encrypt today.
