elevenM’s Rahul Prasad explains what security teams can do today to prepare for the future capabilities of quantum computing.
By now it’s well understood in security circles that large-scale quantum computers will one day be able break encryption standards used to secure data today. While this might seem like a future problem, the reality is that these technological advances are already having implications for organisations today.
As quantum computing rapidly advances, a tactic known as “store now, decrypt later” (SNDL) has emerged as a pressing concern for cyber security teams. The concept involves attackers intercepting and storing encrypted data today with the expectation that, in the future, quantum computers will be able to break current encryption standards, exposing this previously secure information.
Current encryption methods, like RSA and ECC, rely on the difficulty of factoring large numbers or solving discrete logarithms — problems that classical computers handle inefficiently. However, quantum computers leverage principles of quantum mechanics, enabling them to solve these problems exponentially faster through algorithms like Shor’s algorithm, which could easily break RSA and ECC encryption once quantum technology matures.
For organisations that store highly sensitive or confidential information, the risk is particularly worrisome: even if data appears secure today, it may not be safe in the future when decryption capabilities catch up. The sectors likely to be at high risk of SNDL include healthcare (due to sensitive medical records and patient data), financial services (sensitive financial transactions), government and Defence (due to holdings of classified data) and organisations that hold valuable IP (eg. research, patents).
For these sectors, the repercussions of a “decrypt later” scenario extend beyond immediate loss of data and affect long-term trust, intellectual property, and even national security.
Best practice tips for preparing for security threats posed by Quantum Computing
As quantum computing advances, it poses a significant threat to traditional cryptographic systems. Globally, a community of security organisations, academics and standards bodies such as the US National Institute of Standards and Technology are working on Post Quantum Cryptography (PQC) standards.
In the meantime, there are things organisations can do now to mitigate future risks and ensure a smooth transition to quantum-resistant security. Below are key best practices:
- Identify sensitive data: Map out all high-value data assets that, if exposed in the future, could pose risks.
- Evaluating cryptographic methods: Inventory current encryption protocols to assess how vulnerable they are to quantum decryption methods.
- Planning for PQC: Establish a strategic migration plan with a phased PQC deployment strategy, factoring in potential impacts on performance, system compatibility, and regulatory requirements. This could mean testing out new PQC algorithms as they become available and decommissioning older encryption algorithms.
- Track Quantum Advancements: Implement a continuous monitoring program to track advancements in quantum computing and adapt security measures proactively.
- Data Minimisation: Limit data retention where possible to reduce the volume of stored information that could be exposed if decrypted later.
There will be challenges ahead
As one might expect, transitioning to post-quantum cryptography (PQC) will pose a range of technical and strategic challenges that organisations must carefully navigate. One key issue is performance, as PQC algorithms will likely require greater computational power, potentially leading to slower processing times and increased resource consumption.
Compatibility is another concern, as many existing systems were not designed with quantum-resistant encryption in mind, necessitating significant infrastructure upgrades. The cost and complexity of implementing PQC across an organisation further complicate the transition, requiring investment in new technologies, workforce training, and extensive deployment adjustments. Additionally, standardisation delays add uncertainty—while NIST is progressing toward finalising PQC standards, organizations must balance proactive adoption with the risk of future revisions.
To mitigate these challenges, businesses should take a strategic, phased approach, incorporating hybrid encryption models, updating cryptographic protocols regularly, and collaborating with industry leaders to ensure a smooth transition to quantum-resistant security.
The “store now, decrypt later” threat is a reminder that cyber security strategies must be forward-looking, anticipating future risks rather than solely focusing on present-day threats.
Contact us
If you’re interested in learning more about cyber security, maturity assessments and penetration testing in your organisation, please contact us.