As a winery, you understand the concept of harvesting a valuable crop and then holding onto the fruits of your labor to realize the value of your work.  Well … this is a perfect analogy for the threat quantum computing poses to your data.  Whether data on your customers, your business, or that one file with the passwords, it is all vulnerable today to a hack that leverages quantum computing in the future.

Quantum computing hasn’t arrived as a meaningful capability yet, but it isn’t far away[1].  As a result, hackers have realized that if they can capture your data today, even if fully encrypted, and they will unencrypt it once quantum computing arrives.  This is called a “Harvest Now, Decrypt Later” hack[2].  So, if they get your customer list and all that personal identifiable information (PII) they can hold it for a few years, unencrypt it, and voila!  They have it.  In other words, your data can age on their filesystem like a treasured wine until they are ready to uncork its value with quantum computing.

This threat only increases as we get closer to quantum computers being available.  Quantum resistant encryption will not be available far enough in advance to secure your data from these HNDL attacks.  So as a hacker today, I target and harvest data that can hold its value for 3 to 10 years.  However, as the wait for quantum computing diminishes, the range of data you have that has value to a hacker increases and the wait to realize that value shortens. This means the volume of “Harvest Now, Decrypt Later” attacks will only increase between now and the arrival of quantum computing and the quantum resistant encryption technology to thwart it.

What Can You Do?

Review your security policies.

-         Your system today is most likely to get compromised through a socially engineered hack.

-         Would you know if unauthorized actors accessed your data?  What network and system monitoring do you use?

Audit your data management practices.

-         Where is it stored and what security exists?  Not just live data but any backups or copies.  Do staff download it at home on their personal computers?  Isit secure?

-         When and how will quantum resistant encryption get introduced into these system

Catalog the partners and vendors who have access to your data.

-         Do your marketing partners have your customer data?  How do they manage it?  How will they mitigate this risk?  Get those plans and validate them.

Understand your technology providers’ plans to introduce quantum resistant encryption.

-         You are better off with the bigger platform and vendors because they will have quantum resistant encryption the earliest and make it easiest to deploy across your winery.

-         You are better off with fewer vendors because one weak link can expose the whole chain and it simplifies your deployment of the fixes.

Reach out if you would like to explore this further and create a mitigation plan to protect your winery.

Further Reading

In the meantime, you can do some additional reading to educate yourself and your team with the links below so you can make more informed decisions and prioritize your actions.

-         Starting your journey to become quantum-safe, November 2023, Michal Braverman-Blumenstyk, Corporate Vice President, Microsoft Security Division CTO, Israel R&D Center Managing Director

-         Building a Quantum Safe Future, May2023, Charlie Bell, Executive Vice President, Microsoft Security

-         Post-quantum Cryptography, Microsoft

-         Is Quantum Computing a Threat To Current Encryption Methods? May 12, 2023, Michael Redding, CTO Quantropi

-         Next steps in preparing for post-quantum cryptography, November 3, 2023, National Cyber Security Centre

[1] When – and how – to prepare for post-quantum cryptography ,May 4, 2022, McKinsey Digital

[2] When a Quantum Computer is Able to Break Our Encryption, It Won’t Be a Secret, September 13, 2023, Edward Parker, Physical Scientist at RAND Corporation, Professor of Policy Analysis, Pardee RAND Graduate School

‍