Introduction
Quantum computing offers unquestionable opportunities for Australian businesses, but it also tests the resilience of current cybersecurity frameworks and underscores the need to prepare and adapt cyber defences. Whilst still in its early stages, future breakthroughs in the technology may challenge the security of traditional encryption methods used to protect sensitive data, rendering them obsolete.
This technology could be exploited by adversarial nation-states and cybercriminals to breach government security, disrupt financial transactions, compromise personal data, and damage critical infrastructure. Next-generation quantum computing will exponentially worsen these issues. In the wrong hands, quantum computers will be able to decrypt anything — from personal files and professional data to trade secrets and national security plans.
Australian organisations, as with organisations in other regions, remain crucially unprepared for quantum computing cyber risks. Recent research from ISACA found that respondents in Australia & New Zealand were more concerned than overseas peers about the cybersecurity risks from quantum. However, only 5 per cent said preventing this is a high priority in their organisation.
Organisations must prepare now for this new era of cybersecurity threats by adopting a proactive approach, planning and testing, and taking action to minimise disruption. Some practical steps to take for a quantum-ready future are:
Start Now
Quantum is now an active arms race between threat actors, organisations, and governments. Ignoring it or delaying action will leave your organisation dangerously exposed as relevant changes cannot be safely identified and implemented overnight. Upgrading what we’ve relied on for a decade or longer takes time and doing so safely can take years. Now is the time to understand the strategies that can equip you with the right defence and without impacting operations.
The Australian Signals Directorate (ASD) has outlined planning considerations for post-quantum cryptography (PQC). Recommendations for organisations include building an encryption inventory, planning the transition to PQC, retiring legacy cryptography, engaging vendors and educating teams on PQC use. ASD is monitoring PQC standardisation efforts and updating ASD-Approved Cryptographic Algorithms in the Information Security Manual (ISM).
The National Institute of Standards and Technology (NIST) released draft standards and earlier this year, announced HQC (Hamming Quasi-Cyclic) as a backup algorithm for post-quantum encryption.
Replace Legacy Technology
Many industries, including healthcare, retail, education, and utilities, are still using legacy operating systems, which are more likely to experience attack attempts. Malicious actors intentionally target these systems because they have an expansive, intricate attack surface and are easier to breach. Legacy technology is already a liability, but quantum computing will accelerate the need for modernisation and the adoption of quantum-resistant solutions. Starting the quantum migration early will help IT and security teams better handle the threats they face today, particularly through investments in automation.
Prioritise Proactive Cyber Defence
Proactive cyber exposure management is the foundation of an effective defence. Quantum computing will make targeting connected, non-quantum-ready assets much easier. By deploying a modern approach that continuously identifies, assesses, prioritises, and mitigates threats across the entire digital environment, organisations gain a holistic understanding of their vulnerabilities, enabling them to prioritise remediation efforts more effectively and protect themselves from direct attacks and breaches, now and in the future.
