THANK YOU FOR SUBSCRIBING
Whenever there is a conversation on cyber security, the words “my data is encrypted” gives us solace that we are safe. In fact, many regulations like GDPR, Gramm-Leach-Bliley Act, California consumer privacy act, all have provisions around data encryption at rest and in motion. Even mobile applications like Whats App are reported to encrypt end to end conversations.
Back in early 2020 the world changed with everyone going to work from home as offices that could shut down did so. With that change, our focus in cyber security moved from perimeter-based defenses to endpoint protection. Everything from URL filtering, email protection, antivirus, host-based firewalls, and endpoint data encryption to name a few. Since embarking on work from home, a lot of data is being accessed from areas not within our physical or technical control. All this has led to increased data exposure and a corresponding dramatic rise in ransomware attacks with payments now averaging over a million dollars. We are now two plus years into the pandemic and most organizations are struggling with the return to the office dilemma. Organizations want to open their offices back up while workers arewanting to be remote. In the meantime, badactors have zeroed in on the weakest link in the chain. As an industry we are reaching our “next normal” and our focus must be on hardening the data itself.
Conventional wisdom around hardening data consists of encrypting the data. While there are different algorithms and techniques, many modern data encryption algorithms are based on prime factorization. Simply put, the key is to find what are the smallest prime numbers that you can multiply together to give you the original number. For example, 104 it is 2,2,2 and 13. Sounds simple but it gets very complex as the numbers get larger. In fact, there is no known way a conventional computer can quickly factor all the possibilities in a meaningful amount of time. Even sophisticated encryption can be broken if you had enough time. Time is the biggest safety mechanism we have in today’s encryption as even a supercomputer would take years or decades to crack the code. But if we take the time dimension out of the equation, we just moved our superpower of encryption to become our kryptonite.
"Time is the biggest safety mechanism we have in today’s encryption as even a supercomputer would take years or decades to crack the code."
Today, data encryption is the glue that holds information from the eyes of bad actors. However, the quantum computers of the near future are not limited to using 1s and 0s as traditional computers. Instead, they work with subatomic “qubits” that can take on multiple values at once hence exponentially increasing the power of computers to perform calculations at incredible speeds.
In the face of quantum computing our current encryption standards will have little value in protecting our data. Risk management needs to be forward thinking in this space over the next 5-10 years to ensure we can continue to conduct business as usual in our highly interconnected world. It is not all doom and gloom; the bright side is quantum computing if proven to crack current encryption will also be able to crack ransom ware encryption at its current standards. Even the bad actors will have to work harder to get things encrypted to beat quantum computing.
However, let’s not bury our heads in the sand and hope the problem goes away as it won’t. Let us get creative and get ahead of this challenge. Solutions could evolve around splitting data into tokens, zero knowledge proof systems and so much more. We must not lose our superpower of encryption by waiting for it to become a kryptonite with quantum computing.