EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can help
-
Discover how EY's Next generation security operations & response team can help your organization manage leading-class security operations in a programmatic way.
Read more
-
Discover how EY's cybersecurity, strategy, risk, compliance & resilience teams can help your organization with its current cyber risk posture and capabilities.
Read more
According to SandboxAQ, an artificial intelligence (AI) and encryption inventory and risk identification platform, harvest-now-decrypt-later (HNDL) attacks – where cybercriminals capture encrypted data now to decrypt when greater quantum computing power emerges – are on the rise. The current HNDL activity is a call to action for companies to increase the speed at which they take additional steps to prioritize data protection.
An opportunity – and time – for CISOs to take the lead
Aligning resources for a quantum initiative starts with senior leadership. Yet, since the expected impact of quantum can’t be clearly defined and there is a lack of coordinated government mandates, some leaders question to what degree this should be a current priority and how great the disruption will truly be. CISOs can frame the post-quantum cyber future not in terms of the scale of the problem, but in the immediate pragmatic steps that can be taken to enhance data management and security protocols to benefit their organization today and serve as the initial steps to prepare to transition to post-quantum encryption in the future.
CISOs can take a leadership role as companies assess post-quantum computing impact and strategies – ensuring data management is on the agenda – and can help create a cross-functional steering group if one doesn’t exist. This will align the CISO, chief technology officer (CTO) and chief information officer (CIO) to not only plan enterprise-wide data management strategies that will reduce post-quantum risks, but also determine how to best resource next steps, whether internally or with external advisors knowledgeable about quantum cybersecurity.
Strategic imperative: focus on data to protect for the future
Forward-thinking organizations have started planning for quantum disruption, identifying critical steps that will position them to capitalize on quantum benefits and reduce potential risks. While this process will include transitioning to quantum-resistant encryption algorithms as they become available, enhancements to data management and security are required in the short term. By assessing current protocols, creating a roadmap for a future state that will be “transition ready” and shifting data to more secure environments, companies can strengthen current protections and meet future threats with more appropriate processes and safeguards in place.