DigiCert has released the results of its global study on how companies are addressing post-quantum computing threats and preparing for a safe computing future.
According to the key findings from the study, IT leaderships are concerned about their readiness to face potential security threats, along with organisational obstacles such as the lack of clear ownership, sufficient budget and solid executive support.
Since breaking through encryption becomes easier with quantum computing, there is a major threat to data and user security that must be addressed.
“Post-quantum cryptography (PQC) is a seismic event in cryptography that will require IT leaders to begin preparations now. Forward-thinking organisations that have invested in crypto agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released in 2024,” said Amit Sinha, CEO of DigiCert.
In APAC, 39 per cent of companies have stated that they feel they have less than five years to be properly prepared to face cyberthreats, while 53 per cent stated that they either already have a security plan or will have such a strategy within the next six months.
“In the APAC region, where digital transformation is rapidly evolving, the need for quantum-safe cryptography is paramount. As industry bodies and governments drive progress, we urge businesses to prioritise their preparations for PQC to safeguard their data and maintain trust in an increasingly interconnected world,” said Armando Dacal, group vice president for Asia Pacific and Japan (APJ) at DigiCert.
63 per cent of organisations do not have a centralised crypto-management strategy or have a very limited one which can only be applied for certain applications and use cases.
Further findings in the report state that data security teams must keep ahead of cyberattacks and prepare for a post-quantum computing future at the same time.
Only half of surveyed respondents were able to claim that their companies are effectively mitigating risks, vulnerabilities and attacks across the organisation. Ransomware and the theft of credentials rank as the top two cyberattack modalities experienced by the companies that were surveyed.
The information that has emerged about the organisations’ cryptographic keys is also worrying.
Most companies are unaware of the features and locations of their cryptographic keys, while only 52 per cent say that their companies are currently taking inventory these keys.
Only 39 per cent claim to prioritise their cryptographic assets and a mere 36 per cent are able to state that they are trying to find out if their data and cryptographic assets are stored locally or in the cloud.
Most simply did not have a centralised crypto-management strategy.
The effective and efficient ability to deploy cryptographic solutions is a primary requirement in ensure the safety of a company’s information and IT assets. Most organisations surveyed said that they do not have the ability to deploy enterprise-wide best practices and policies that will be able to holistically detect and respond to being attacked.
While organisations do recognise that they lack the required expertise to handle quantum computing requirements, they also realise the need to have a strategy that includes strong support from senior leadership, visibility into cryptographic keys and assets and centralised crypto-management strategies that need to be applied consistently across the enterprise with accountability and ownership.