Quantum Computing and Cybersecurity: How to Secure the Quantum Future

Quantum computing and cybersecurity have become intertwined buzzwords, creating excitement and anxiety within the tech and cybersecurity communities. Recent breakthroughs, like the National Institute of Standards and Technology (NIST) finalizing post-quantum encryption standards, underscore the urgency of this evolving threat.

Sherri Davidoff and Matt Durrin from LMG Security recently discussed the practical implications of quantum computing and cybersecurity, highlighting areas at risk and emphasizing actionable measures organizations can take. Let’s start by understanding quantum computing, then we’ll dive into the cybersecurity implications.

Understanding Quantum Computing and Cybersecurity

Quantum computers operate fundamentally differently from classical computers. Utilizing qubits, they can perform complex calculations at unprecedented speeds. This capability poses a direct threat to current cryptographic systems.

Secure web traffic, email authentication, digital signatures, and even cryptocurrencies may be fundamentally broken once quantum computing emerges. That’s because quantum computers are exceptionally fast when it comes to solving specific types of math problems, such as factoring large numbers. This can enable them to break certain types of encryptions, such as RSA and ECC, which are vital for securing our global technology infrastructure. “Quantum computing will even break digital contract signing, phishing protection on the internet… all kinds of stuff,” warned Matt Durrin, LMG Security’s director of training and research.

“Quantum computers aren’t good at everything,” says Sherri Davidoff, LMG’s founder. She pointed out that quantum computers won’t help stream videos more quickly or process large volumes of data more rapidly. Instead, they are good at solving specific types of problems that happen to be critical for cybersecurity.

The Importance of Post-Quantum Cryptography

The potential to decrypt sensitive information, forge digital signatures, and compromise secure communications underscores the critical need for quantum-resistant solutions. Recognizing the impending challenges, the National Institute of Standards and Technology (NIST) has been proactive in developing post-quantum cryptographic standards. In 2024, NIST released its first set of finalized post-quantum encryption standards, marking a significant milestone in the journey towards quantum-resistant security. These standards provide guidance on implementing quantum-resistant cryptographic algorithms, which are essential for safeguarding digital infrastructure against quantum threats. “You’re going to start to hear some different names of encryption algorithms coming out, similar to Diffie-Hellman, but they’re quantum resistant,” Davidoff shared.

Gartner has also emphasized the importance of post-quantum cryptography (PQC). In their “Top 10 Strategic Technology Trends for 2025,” Gartner advised that organizations need to protect their data from quantum computing decryption risks, adding, “PQC algorithms are not drop-in replacements for existing asymmetric algorithms. Current applications may have performance issues, will require testing and may need to be rewritten.”

What Quantum Computing Means for Cybersecurity

Quantum computing threatens several crucial cybersecurity components:

1. Secure Web Traffic: Public key encryption underpins the safety of internet browsing. Quantum attacks could make HTTPS unreliable unless quantum-resistant TLS protocols are rapidly implemented.
2. Digital Contracts: Any contract digitally signed with current encryption algorithms faces potential compromise. Davidoff advises, “If you have a contract right now that’s digitally signed and needs to be valid for 10 years or more, now is the time to cryptographically resign that.”
3. Cryptocurrency: Quantum computing endangers cryptocurrency wallets. Public-private key pairs used in cryptocurrencies like Bitcoin become vulnerable, potentially allowing theft by reversing keys.
4. Software Updates: Digitally signed software updates, vital for ensuring authenticity, could be maliciously manipulated. Malicious actors could distribute harmful updates disguised as legitimate releases.
5. Email Signing and Phishing Protection: Digital signatures ensure the authenticity of emails, crucial for anti-phishing. Quantum capabilities threaten these verification methods, undermining trust in email communication.

Practical Actions: Preparing for Quantum Computing and Cybersecurity Threats

Preparing now is essential. Here are several steps you should take:

• Map Your Cryptography Usage: Identify critical systems reliant on encryption, including digital signatures, encrypted cloud data, VPNs, and key exchanges.
• Vendor Vetting: Question your software vendors about their quantum readiness. Durrin emphasizes, “I would be asking my vendors what their plans are for post-quantum cryptography.” Incorporate quantum readiness into your vendor vetting process. Read more advice on third-party risk management in our blog.
• Protect Long-term Data: Assess long-term confidential data repositories. If your sensitive data was encrypted with algorithms vulnerable to quantum attacks, re-encryption with quantum-resistant algorithms should be a priority.
• Adopt Hybrid Cryptography Approaches: Start integrating quantum-resistant algorithms alongside current encryption methods to ensure a smooth transition. Davidoff recommends, “Combining classical encryption algorithms with some newer algorithms can provide immediate protection and future-proofing.”
• Follow NIST Guidelines: Stay updated with NIST’s evolving recommendations. The newly finalized standards will become industry benchmarks for quantum-resistant encryption.

The “Harvest Now, Decrypt Later” Threat

A particularly worrying trend is attackers harvesting encrypted data today, intending to decrypt it once quantum computing matures. Sensitive historical data, presumed secure, could become vulnerable. Davidoff warns, “If you have information that got leaked in an encrypted form, check the algorithm. It could become a future risk.”

Quantum Computing’s Impact on Malware

Quantum computing could reshape malware strategies. Cybercriminals might exploit vulnerabilities in legacy cryptographic systems, releasing malware signed with compromised keys. Conversely, it could also disrupt malware relying on vulnerable cryptography. “We might see criminals exploiting older valid keys to cryptographically sign malware,” Durrin warns.

Quantum Opportunities in Cybersecurity

Despite risks, quantum computing also presents new cybersecurity opportunities. Quantum entanglement, a phenomenon where particles maintain identical states regardless of distance, could enable ultra-secure key exchanges. Future quantum technologies might enhance security through fundamentally unbreakable communication methods.

Next Steps

Quantum computing and cybersecurity represent both a looming threat and an opportunity. Your organization must proactively transition to quantum-resistant technologies, guided by expert frameworks such as those provided by NIST.

If you need help updating your strategy or creating a plan, please contact us for more information on our vCISO services or our cybersecurity policies and procedures guidance.