This article covers:
Crowe Global’s Art of Smart content is designed to inform, inspire and influence business leaders so they can make better decisions. Assessing the opportunities and threats around quantum computing is a prime example of where it adds value.
Previously, the Art of Smart offered expert tips to help improve ‘quantum readiness’ and take advantage of the nascent technology’s incredible potential. While the immense processing power promised by quantum computing is heralded as the next technology frontier, that capability could, in theory, break encryption codes in a blink, exposing sensitive data vulnerable to cyberattacks.
In 1994, Peter Shor, professor of applied mathematics at Massachusetts Institute of Technology, invented an algorithm, now known as Shor's Algorithm, to enable quantum computers to determine the prime factors of numbers. This discovery increased interest in quantum computing. In 2022, investment in quantum initiatives reached US$35.5 billion across multiple continents, found World Economic Forum research.
Business leaders must be bold and innovative—two of the Art of Smart’s pillars of success—and proactive to address the security concerns presented by quantum computing, ensuring that they are well-equipped to mitigate risks and protect their organizations.
Indeed, today’s ‘classic’ computers would require roughly 300 trillion years to crack communications protected typically by RSA encryption algorithm, which has a 2,048-bit digital key. However, a quantum computer powered by 4,099 qubits (a basic unit of quantum information) could effectively “guess” keys and would need just 10 seconds, according to cybersecurity experts. Some are calling this scenario “the quantum apocalypse.”
Currently, the most powerful quantum processor is IBM’s 433-qubit Osprey, which took flight at the end of 2022. IBM’s development roadmap shows the Condor, with 1,121 cubits, should land soon.
The ability to break today’s encryption might not happen for 20 or 30 years, but this threat can’t be dismissed now. This is a here-and-now problem—not a project to put off until it’s a huge issue. The stable door is already wide open. Being crypto agile is a new skill, a new role that the organization has to take on—and it’s not a one-off task but an ongoing process.
Baloo echoes this advice. “Every business on the planet needs cryptographic agility.” But where to begin? She references Wendy Nather, Cisco’s Head of Advisory CISOs, who discusses “the information security poverty line.” Baloo says: “A lot of organizations cannot get the basics right, and there is a bunch of stuff that needs to be done well before organizations talk about quantum risk appetite.”
Leadership support and funding are vital for CISOs to improve crypto agility and map out a clearer picture of cyber risk that reaches third parties and even beyond, continues Baloo. “‘Know thy self’ remains the most difficult thing for any organization to do regarding asset understanding,” she adds. “Determining employee use of data, the extended vendor landscape, and so on, is super difficult, but it’s where everything must begin.”
Hackers can capture a whole bunch of interest traffic, and what they do is hold on to that to wait for a viable quantum computer that’s capable of using Shor’s algorithm to break that encrypted material and turn it into plain text. The reasoning being: old secrets are as good as new secrets.
Lanre Ogungbe, Co-Founder and CEO of Prembly, one of Africa’s largest security and compliance companies, provides a compelling analogy. “If you leave your child in a crib and meet him outside in the morning, you don’t just build a bigger or stronger crib; you first try to figure out how the child is escaping.”
There are some regions more at risk than others. For example, 90 percent of all businesses in Africa operate without a basic digital security structure, according to Interpol. Thankfully, Prembly and similar security companies are working hard to protect the African data ecosystem in the face of the quantum threat.
“Most of our research and development—especially in-house—is to figure out exactly how quantum technology is going to break encryption and then see how we can develop even more secure systems than that,” says Ogungbe, a member of the Nigeria National Assembly Business Environment Roundtable.
For a continent with limited resources like Africa, Ogungbe argues that it’s essential to approach the issue systemically and not throw a colossal amount of resources that will, in turn, build expensive and inaccessible solutions. It’s a lesson that leaders in other regions and operating in different industries should heed.
According to a 2022 report by the Africa Data Centers Association, Africa’s data hosting and processing capacity doubles every three years. Experts have expressed concern that the continent’s digital speed needs to be met with much-needed security measures. “It’s not just businesses that are going to need to adapt. Even our national identity processors, hundreds of millions of registered identities, are in danger,” says Ogungbe. “But it’s also an opportunity.”
Ogungbe argues that quantum innovation can be used to protect as much as it can be used to attack. Most importantly, though, collaboration and partnership with domain experts are crucial. “It is important for stakeholders to come together and collectively figure out better shields. That’s why this is an opportunity, because we’re looking at what we’ve settled for as the most advanced security system in the world,” adds Ogungbe. “But there can be new standards, and quantum computers will probably be part of reaching them.”