Quantum Security Risks

✏️CEPS (Centre for European Policy Studies) has just published the report "Strengthening the EU transition to a quantum-safe world" This 125-page publication offers a comprehensive and very timely analysis of the global transition toward quantum-safety, highlighting key recommendations and identifying the hurdles that we, as a community, still need to overcome. Accross its 10 general recommendations and 16 additional sector-specific ones, two key aspects take a prominent role: 👉 Operational challenges of the transition, like establishing business-level priorities, building executive support, addressing the limited cryptographic talent issue, cryptographic homogeneization in products, and building cryptographic inventories based on priorities. 👉 Coordination and the role for regulators, identifying that the EU lacks a coherent, unified transition framework, the need to ensure alignment and coherence across roadmaps and the risks of a fragmented transition. Key conclusions on the later, aligned with previous statements from the Europol Quantum Safe Financial Forum and FS-ISAC, is that quantum-safety is already part of the EU's operational resilience compliance through the “state of the art” security principle embedded in GDPR, DORA, CRA and NIS2. However, there is a recognised need for further guidance that can be achieved through open collaboration between the public and private sector. Although the report focuses on the financial, public, and defence sectors, its main takeaways can easily be extended to other critical domains—transport, energy, healthcare, and many more. The principles are the same, and the urgency is the same. This report is an important step forward, and my hope is that the ideas it lays out help shape the conversations and, more importantly, the actions we need across the EU. A well-aligned and coordinated transition is essential if we want the whole ecosystem to move toward a new age where we manage cryptography in a more mature, proactive, and resilient way. Kudos to CEPS, lorenzo pupillo, Carolina Polito, Swann A. and Afonso Ferreira, PhD for achieving this milestone. https://lnkd.in/dpWJ86q2

🗞️ Needed report By CyberArk on a burning issue : identity security. A decisive element that will determine our ability to restore digital trust. 🔹 « Identity is now the primary attack surface. » Defenders must secure every identity — human and machine 🔹 with dynamic privilege controls, automation, and AI-enhanced monitoring 🔹and prepare now for LLM abuse and quantum disruption. Machine identities are the fastest-growing attack surface 🔹Growth outpaces human identities 45:1. 🔹Nearly half of machine identities access sensitive data, yet 2/3of organizations don’t treat them as privileged. Quantum readiness is urgent 🔹Quantum computing will break today’s cryptography (RSA, TLS, identity tokens). 🔹Transition planning to quantum-safe algorithms must start now, even before standards are finalized. Large Language Models include prompt injection, data leakage, and misuse of AI agents. So organizations must treat them as a new class of machine identity requiring monitoring, access controls, and secrets management. 🧰 What can we do? ⚒️ 1/ Implement Zero Standing Privileges (ZSP) • Remove always-on entitlements; grant access dynamically and just-in-time. • Minimize lateral movement by revoking privileges once tasks are complete 👥2/ Secure the full spectrum of identities • Differentiate controls for workforce, IT, developers, and machines. • Prioritize machine identities: vault credentials, rotate secrets, and eliminate hard-coded keys. 🛡️ 3/ Embed intelligent privilege controls • Apply session protection, isolation, and monitoring to high-risk access. • Enforce least privilege on endpoints; block or sandbox unknown apps. • Deploy Identity Threat Detection & Response (ITDR) for continuous monitoring. ♻️ 4/ Automate identity lifecycle management • Use orchestration to onboard, provision, rotate, and deprovision identities at scale. • Relieve staff from manual tasks, counter skill shortages, and improve compliance readiness. 5/ Align security with business and regulatory drivers • Build an “identity fabric” across IAM, PAM, cloud, SaaS, and compliance. • Tie metrics (KPIs, ROI, cyber insurance conditions) to board-level priorities. 6/ Prepare for next-generation threats • Establish AI/LLM security policies: control access, monitor usage, audit logs. • Begin phased adoption of post-quantum cryptography to protect long-lived sensitive data. Enjoy the read

The biggest threat to your data isn’t happening tomorrow. It happened yesterday. If you haven’t heard of HNDL (Harvest Now, Decrypt Later), your long-term data strategy has a massive blind spot. Here is the reality: State actors and cybercriminals are capturing your encrypted data today. They can’t read it yet, so they’re storing it in massive data vaults, waiting for the "Qday"—the moment quantum computers become powerful enough to break current encryption. If your data needs to stay private for 5, 10, or 20 years, it’s already at risk. What’s on the line? ↳ Intellectual Property (IP) and trade secrets. ↳ Government and identity data. ↳ Long-term financial records and contracts. ↳ Sensitive customer health data. How do we solve it? 🛠️ We cannot wait for quantum supremacy to react. The fix starts now: ↳ Inventory: Identify which data has a long shelf-life. ↳ Crypto-Agility: Move toward systems that can swap encryption methods without a total overhaul. ↳ Hybrid PQC: Implement Post-Quantum Cryptography alongside classical methods to ensure traffic captured today remains a mystery tomorrow. The transition to quantum-resistant security is a marathon, not a sprint. Are you tracking HNDL on your current risk register? Let’s discuss in the comments. 👇 P.S. If you want help mapping your exposure or building a PQC migration plan, drop me a message. ♻️ Share this post if it speaks to you, and follow me for more. #QuantumSecurity #PQC

🚨🤖PhD saturday morning Tokenisation Facing the Quantum Abyss: My Analysis of the HSBC Case I’ve spent 20 years at the intersection of finance and tech, and if I’ve learned one thing, it’s that asset tokenisation (a projected $16 trillion opportunity ) has an Achilles' heel: quantum computing. The current security model ("Store Now, Decrypt Later" ) is a ticking time bomb for long-lived assets like gold or bonds. I just dissected the whitepaper by HSBC and Quantinuum on their "Gold Token". Here is my executive summary and, more importantly, the technical "gaps" every CTO must consider. 🚀 The Win: Pragmatism over Perfection Instead of a costly DLT re-engineering, they implemented a smart hybrid solution: PQC-VPN Overlay: They protected the transport layer (data in motion) with post-quantum cryptography without touching the ledger core. No Performance Impact: Most impressively, they kept latency and throughput (30-40 TPS) intact. Quantum Entropy: They hardened keys using QRNG (quantum generators) to avoid algorithmic predictability. ⚠️ The 3 Critical Gaps (and how to bridge them): Integrity vs. Confidentiality: The Flaw: The pilot secures the tunnel (VPN) and prioritizes confidentiality. However, it does not yet fully address the risk to digital signatures on the ledger itself; if a quantum actor breaks the signature scheme, they could forge transactions. The Solution: "Phase 2" must integrate post-quantum signatures (like ML-DSA/Dilithium) directly at the DLT application level. The Interoperability Risk: The Flaw: Conversion to ERC-20 for interoperability is highlighted. But the moment the asset touches a non-quantum public network (like Ethereum today), it loses its immunity. The Solution: Implement "Quantum Wrapped Tokens" that restrict holding only to wallets with verified PQC security. "Offline" Key Management: The Flaw: The entropy seed transfer was done "offline" (physically). This does not scale and represents a human operational risk. The Solution: Automate seed rotation or, ideally, use Quantum Key Distribution (QKD) to eliminate the human factor. My Verdict: HSBC has taken a vital first step to protect confidentiality today. But true quantum resistance requires protecting not just the "pipe" the data travels through, but the mathematical immutability of the asset itself. Is your organization waiting for NIST, or are you already protecting the transport layer? #FinTech #QuantumComputing #CyberSecurity #AssetTokenization #Blockchain #CISO #HSBC

Three weeks ago, our Devsinc security architect, walked into my office with a chilling demonstration. Using quantum simulation software, she showed how RSA-2048 encryption – the same standard protecting billions of transactions daily – could theoretically be cracked in just 24 hours by a sufficiently powerful quantum computer. What took her classical computer billions of years to attempt, quantum algorithms could solve before tomorrow's sunrise. That moment crystallized a truth I've been grappling with: we're not just approaching a technological evolution; we're racing toward a cryptographic apocalypse. The quantum computing market tells a story of inevitable disruption, surging from $1.44 billion in 2025 to an expected $16.22 billion by 2034 – a staggering 30.88% CAGR that signals more than market enthusiasm. Research shows a 17-34% probability that cryptographically relevant quantum computers will exist by 2034, climbing to 79% by 2044. But here's what keeps me awake at night: adversaries are already employing "harvest now, decrypt later" strategies, collecting our encrypted data today to unlock tomorrow. For my fellow CTOs and CIOs: the U.S. National Security Memorandum 10 mandates full migration to post-quantum cryptography by 2035, with some agencies required to transition by 2030. This isn't optional. Ninety-five percent of cybersecurity experts rate quantum's threat to current systems as "very high," yet only 25% of organizations are actively addressing this in their risk management strategies. To the brilliant minds entering our industry: this represents the greatest cybersecurity challenge and opportunity of our generation. While quantum computing promises revolutionary advances in drug discovery, optimization, and AI, it simultaneously threatens the cryptographic foundation of our digital world. The demand for quantum-safe solutions will create entirely new career paths and industries. What moves me most is the democratizing potential of this challenge. Whether you're building solutions in Silicon Valley or Lahore, the quantum threat affects us all equally – and so does the opportunity to solve it. Post-quantum cryptography isn't just about surviving disruption; it's about architecting the secure digital infrastructure that will power humanity's next chapter. The countdown has begun. The question isn't whether quantum will break our current security – it's whether we'll be ready when it does.

🧠 Quantum computing: What business leaders need to do right now Right now, criminal and state-sponsored hackers are intercepting and storing encrypted data they cannot yet decode. Likely targets include everything from corporate secrets and medical records to legal agreements and military communications. Why would these actors bother to steal data they can’t read? Because they are betting on developments in quantum computing that will eventually let them crack this encrypted data wide open. This isn’t a fringe theory. The NSA (National Security Agency), NIST (National Institute of Standards and Technology), and ENISA (European Agency for Cybersecurity) are all treating this “harvest now, decrypt later” scenario as a live threat that is serious enough to demand immediate action. The NSA has mandated that all U.S. national security systems must transition to quantum-resistant cryptography by 2035—with new acquisitions required to be compliant by 2027. In Europe, ENISA issued updated guidance in April 2025 warning that the threat is “sufficient to warrant caution, and to warrant mitigating actions to be taken,” and recommending that organizations begin deploying post-quantum cryptography immediately. NIST has launched a parallel global effort to develop the new cryptographic standards on which these transitions will depend. The message from all three bodies is the same: Organizations run a grave risk if they wait to begin upgrades until quantum computers can break current encryption standards. That is the reason business leaders need to pay attention to quantum computing now — not because the technology is ready, but because the risk is grave, and the cost of preparation is trivial compared with the cost of being caught flat-footed. 🔗 Find out how in our new Fast Company article here: https://lnkd.in/g54y88UE.

Quantum computing is moving from "science fiction" to "business reality" faster than most predicted. Two recent papers have fundamentally shifted the timeline for when we need to care about Quantum-Safe security: 1️⃣ The "10,000 Qubits" Milestone: New research shows that we can execute Shor’s algorithm—the math that breaks today’s encryption—with far fewer resources than previously thought. By using reconfigurable atomic qubits, the hardware requirements for cracking RSA-2048 have dropped by nearly 20x. 2️⃣ The "9-Minute" Crypto Warning: Google’s latest whitepaper highlights a terrifying reality for digital assets. Under advanced quantum scenarios, the encryption protecting a cryptocurrency wallet could be cracked in under 10 minutes. This puts billions in "dormant" assets at immediate risk of "at-rest" attacks. The Bottom Line: The "Q-Day" window is shrinking. It’s no longer about if a quantum computer can break your encryption, but when your current migration timeline will run out. How do we respond? We can't just flip a switch on "Q-Day." For many organizations, becoming quantum safe is a multi-year journey. This is where Palo Alto Networks Quantum-Safe Security comes in. Instead of a manual, multi-year overhaul, we provide a path to Agentic Resilience: - Continuous Discovery: It automatically maps your "cryptographic bill of materials" (CBOM), identifying exactly where vulnerable RSA and ECC algorithms are hiding in your network. - Risk Prioritization: It correlates your encryption strength with business criticality, telling you exactly which high-value assets need to move to Post-Quantum Cryptography (PQC) first. - Real-Time Remediation: For legacy systems that can’t be easily upgraded, a "Quantum-Safe Proxy" re-encrypts vulnerable traffic into post-quantum algorithms (like ML-KEM) at the network edge. The transition to a quantum-safe future is a marathon, but the starting gun has already fired. Learn how to take your first steps at the link in the comments.

Is quantum computing the next big cybersecurity threat? For decades, encryption has been our digital fortress. But quantum computing is challenging that foundation—and the stakes couldn’t be higher. Let me explain. Quantum computers, powered by qubits and quantum mechanics, have the potential to break today’s most secure encryption methods in record time. Algorithms like RSA, which protect everything from online transactions to national secrets, may soon become obsolete. Here’s the reality: → "Harvest Now, Decrypt Later": Cybercriminals are already storing encrypted data, waiting for the day quantum computers can crack it. → Encryption at Risk: Shor’s Algorithm and similar quantum innovations could dismantle current security protocols, leaving sensitive information vulnerable. → The Clock is Ticking: While quantum computers aren’t powerful enough yet, experts predict it’s only a matter of time. So, how do we prepare? → Post-Quantum Cryptography: Organizations like NIST are working on quantum-resistant algorithms to protect future data. → Quantum-Safe Protocols: Hybrid models combining classical and quantum encryption are emerging to secure transitions. → Risk Assessments and Training: Companies must identify vulnerabilities and educate cybersecurity teams on the implications of quantum advancements. The future of cybersecurity isn’t just about defending against traditional threats—it’s about staying ahead of quantum possibilities. Are we ready to face the next wave of cyber threats? Let’s discuss. 👇