DigiCert released at its annual Trust Summit conference the results of a global study exploring how organisations are addressing the post-quantum computing threat and preparing for a safe post-quantum computing future.
Key findings reveal that while IT leaders are concerned about their ability to prepare in the timeframes needed, they are hampered by obstacles that include lack of clear ownership, budget, and executive support. Quantum computing harnesses the laws of quantum mechanics to solve problems too complex for classical computers. With quantum computing, however, cracking encryption becomes much easier, which poses an enormous threat to data and user security.
“PQC is a seismic event in cryptography that will require IT leaders to begin preparation now. Forward-thinking organisations that have invested in crypto agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released in 2024,” said Amit Sinha, CEO at DigiCert.
“In the APAC region, where digital transformation is rapidly evolving, the need for quantum-safe cryptography is paramount. As industry bodies and governments drive progress, we urge businesses to prioritise their preparations for PQC to safeguard their data and maintain trust in an increasingly interconnected world,” said Armando Dacal, Group Vice President, APJ, at DigiCert.
Study Highlights
Ponemon Institute surveyed 1,426 IT and IT security practitioners in the United States (605), EMEA (428) and Asia-Pacific (393) who are knowledgeable about their organisations’ approach to post-quantum cryptography. Key findings from the study, sponsored by DigiCert, include:
- Sixty-one percent of respondents say their organisations are not and will not be prepared to address the security implications of PQC.
- Almost half of respondents (48 percent) say their organisations’ leadership is only somewhat aware (26 percent) or not aware (23 percent) of the security implications of quantum computing.
- Only 30 percent of respondents say their organisations are allocating budget for PQC readiness.
- Fifty-two percent of those surveyed say their organisations are currently taking an inventory of the types of cryptographic keys used and their characteristics.
Key highlights in APAC include:
- Thirty-nine percent of organisations say that they have less than five years to get ready.
- Fifty-three percent of respondents currently have a strategy (19 percent) or will have in the next six months (34 percent) to address the security implications of quantum computing.
- Sixty-three percent of organisations do not have a centralised crypto-management strategy (23 percent) or they have a very limited one, only applied to certain applications or use cases (37 percent).
Challenges Organisations Face to Be Ready for a Safe Post-Quantum Computing Future
Key findings indicate that security teams must juggle the pressure to keep ahead of cyberattacks targeting their organisations while preparing for a post-quantum computing future. Only 50 percent of respondents say their organisations are very effective in mitigating risks, vulnerabilities, and attacks across the enterprise.
According to the research, ransomware and credential theft are the top two cyberattacks experienced by organisations in this study. Forty-one percent of respondents say their organisations have less than five years to be ready. The biggest challenges are not having enough time, money, and expertise to be successful.
Currently, only 30 percent of respondents say their organisations are allocating budget for PQC readiness. Many organisations are in the dark about the characteristics and locations of their cryptographic keys. Only slightly more than half of respondents (52 percent) say their organisations are currently taking an inventory of the types of cryptographic keys used and their characteristics. Only 39 percent of respondents say they are prioritising cryptographic assets and only 36 percent of respondents are determining if data and cryptographic assets are located on-premises or in the cloud.
Very few organisations have an overall centralised crypto-management strategy applied consistently across the enterprise. Sixty-one percent of respondents say their organisations only have a limited crypto-management strategy that is applied to certain applications or use cases (36 percent), or they do not have a centralised crypto-management strategy (25 percent).
To secure information assets and the IT infrastructure, organisations need to improve their ability to effectively deploy cryptographic solutions and methods. Most respondents say their organisations do not have a high ability to drive enterprise-wide best practices and policies, detect and respond to certificate/key misuse, handle algorithm remediation or breach, and prevent unplanned certificates.
Recognising a Pressing Problem
Organisations recognise they are lacking the expertise to stay out in front of post-quantum requirements. As a result, hiring and retaining qualified personnel is the most important strategic priority for digital security (55 percent of respondents). This is followed by achieving crypto-agility (51 percent of respondents), which is the ability to efficiently update cryptographic algorithms, parameters, processes and technologies to better respond to new protocols, standards, and security threats, including those leveraging quantum computing methods.
To be ready for post-quantum computing, organisations need to have a strategy that includes backing by senior leadership, visibility into cryptographic keys and assets, and centralised crypto-management strategies that are applied consistently across the enterprise with accountability and ownership.
Read the Full Report: Preparing for a Safe Post Quantum Computing Future