Executive Chairman of Tortora Brayda Institute and co-founder of the National ISAO for AI and Cybersecurity.
As a United Nations judge on artificial intelligence innovation, I often emphasize the need for organizations to strengthen their data security strategies to withstand the challenges of the accelerating pace of AI and quantum computing. Issues like phishing, insecure credentials, and lax security continue to fuel large-scale data breaches.
To help leaders combine various protocols and data protection measures, I asked members of the Cybersecurity Group, a community through which I lead Forbes Technology Council, to share the crucial steps in defending against the inevitable disruptions caused by advances in the quantum age.
1. First, take stock of how your data is currently accessible.
Quantum computing may require new forms of encryption when it finally becomes viable, but in the meantime, organizations will instead need to think about how data is accessed. We have strong encryption solutions today, but there are still significant data breaches. Phishing, insecure credentials, and poor security hygiene are all issues that still need to be addressed and undermine existing data encryption solutions. – Thomas Kranz, Thomas Kranz Consulting
2. Leverage human behavior with a manual key.
Have an administrator manually enter a key to create a pairing encryption key that cannot be guessed by a powerful computer when setting up a firewall. The algorithm does not use the key entered but actually measures the random time lapse of keystrokes by the human typing a random string. The same logic can be applied to overcome the fact that quantum computing can decrypt any secret key. Human behavior is the secret factor. Governance and controls are the key additional layers. – Alon Bender, BenderXpert
3. Create a robust data loss prevention program.
Having a robust data loss prevention (DLP) program can protect sensitive data through identification, vigilant monitoring, and protection. DLP can ensure the integrity and confidentiality of valuable information, inspiring confidence in data security practices. – Mani Padisetti, Digital Armor
4. Identify your organization’s internal champions.
Organizations must prepare for AI and quantum computing-based security threats by identifying internal champions who can identify the organization’s most critical and risky data, where it resides, how it is backed up, and assess whether encryption and obfuscation practices are sufficient to mitigate them against technological advances. – Lila Kee, GlobalSign
5. Avoid the “harvest now, decrypt later” attitude.
We need to closely monitor the “harvest now, decrypt later” attitude, as RSA security is at high risk with quantum computing. This high risk must be addressed before quantum computing becomes mature. The QA center should review asymmetric encryption methods as a whole, such as RSA, ECC, and DH. These methods may become obsolete, and these issues should therefore be subject to further debate. – Kiran Palla, Department of the Treasury (IRS)
6. Switch to crypto-agile solutions.
Quantum computers aren’t magic: they won’t break anything related to security or anything related to cryptography. Instead, public key algorithms will be the main victims. Organizations need to move to crypto-agile solutions that can scale their crypto over time without development projects. For AI, data is essential and, fortunately, there are new solutions for encrypting AI memory (i.e. vector embeddings). – Patrick Walsh, IronCore Laboratories
7. Invest in post-quantum cryptography algorithms.
Invest in the development and implementation of post-quantum cryptography algorithms. These cryptographic methods are designed to be secure against classical and quantum computers, providing a robust solution to potential quantum threats. Encouraging education and public-private partnerships for their rapid adoption will further improve our data security infrastructure. – Amitkumar Shrivastava, Fujitsu
8. Focus on key management of your organization.
Cybersecurity is only as good as the weakest link, and while everyone loves to talk about AI and quantum, the reality is that the biggest threat to crypto is key management. Many organizations still use the same static keys and store them with the data. Key management should be the main priority. – Eric Cole, Secure anchoring advice
9. Have a designated team to evolve with NIST standards.
Designate one person or small team to be smart about it, or partner with a company that specializes in quantum. The transition from classical cryptography to post-quantum cryptography will be long and complex, but essential to the digital economy. Don’t buy or build systems that can’t be upgraded to the new NIST standards in 2024, because they will soon be obsolete. – Denis Mandich, Qrypt
10. Identify your current encryption solutions that lack flexibility.
Develop a catalog of all encryptions used in the organization. Next, explore each solution’s ability to swap one encryption algorithm for another. Press vendors to develop the ability to modify algorithms. Visibility and agility are essential to managing cryptosystems in a modern enterprise: you can’t manage cryptosystems you don’t know, and it’s difficult to manage those that lack flexibility. – Pierre Gregory, GCI Communications
11. Regularly review your IT and OT footprint.
For most organizations, the most pressing threats come from ransomware and financial crime groups that exploit well-known and documented vulnerabilities, including outdated cryptography. Invest in asset management processes to regularly review your IT and OT footprint and audit systems for configuration vulnerabilities, including outdated cipher suites. – Elliott Wilkes, Advanced Cyber Defense Systems
12. Collaborate with industry researchers.
Collaboration between security researchers and various industries is essential in standardization efforts to influence the development of quantum-secure protocols and standards to avoid a “Q-day,” the day when quantum computers make all current encryption methods meaningless. – Ronald Martey, GCB Bank PLC
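A sketch of the catalog-and-audit step from items 10 and 11, added here as an example and not code from any of the contributors: it parses IANA-style TLS cipher suite names from a constructed inventory, flags outdated primitives and the public-key families item 5 names (RSA, ECC, DH), and notes systems whose algorithms cannot be swapped. The inventory entries, system names and the `swappable` field are assumptions made for illustration.

```python
import re

# Primitives widely treated as outdated in TLS hardening guidance.
OUTDATED = {"RC4", "3DES", "DES", "NULL", "EXPORT", "MD5", "anon"}
# RSA, ECC and DH families (item 5); DSS is another discrete-log scheme.
QUANTUM_EXPOSED = {"RSA", "ECDHE", "ECDH", "DHE", "DH", "ECDSA", "DSS"}

# Constructed sample inventory: (system, cipher suite, algorithm is swappable).
INVENTORY = [
    ("hr-portal", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", False),
    ("api-gateway", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", True),
    ("plant-hmi", "TLS_RSA_EXPORT_WITH_RC4_40_MD5", False),
    ("intranet", "TLS_AES_256_GCM_SHA384", True),
]

def parse_suite(name):
    """Split a suite name into (public-key tokens, symmetric/MAC tokens)."""
    body = re.sub(r"^TLS_", "", name)
    if "_WITH_" in body:
        pk, sym = body.split("_WITH_", 1)
        return pk.split("_"), sym.split("_")
    # TLS 1.3 names omit the key exchange; it is negotiated separately.
    return [], body.split("_")

def audit(inventory):
    """Return {system: [issues]} for every catalogued system."""
    report = {}
    for system, suite, swappable in inventory:
        pk, sym = parse_suite(suite)
        issues = []
        weak = sorted((set(pk) | set(sym)) & OUTDATED)
        if weak:
            issues.append("outdated: " + ",".join(weak))
        exposed = sorted(set(pk) & QUANTUM_EXPOSED)
        if exposed:
            issues.append("quantum-exposed: " + ",".join(exposed))
        elif not pk:
            issues.append("key exchange not in suite name: check negotiated group")
        if issues and not swappable:
            issues.append("not crypto-agile: algorithm cannot be swapped")
        report[system] = issues
    return report

if __name__ == "__main__":
    for system, issues in audit(INVENTORY).items():
        print(system, "->", "; ".join(issues))
```
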
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.