C-suite executives are becoming increasingly concerned about the growing threat quantum computing presents to cyber security and are less concerned about other novel tech like deepfakes.
While it’s still only a theoretical issue, the scale of the problem quantum would pose has led many companies to plan for it in advance, an expert has said.
“You don’t have any type of proven attacks that can crack encrypted traffic and encrypted data, but they’re really, really worried about it,” said Itai Greenberg, chief strategy officer at Check Point, to ITPro.
A particular concern is the ‘steal now, crack later’ approach, in which hackers could covertly exfiltrate encrypted data today in the hope that years down the road they can decrypt it using quantum computing.
“The magnitude of the impact that something like this can cause to the world is enormous. The whole internet is based on basic encryption algorithms that we all use.”
“I’ve been asked by different, large financial and government institutions about this recently,”
Prominent figures such as John Roese, global chief technology officer (CTO) at Dell, have previously told ITPro that quantum poses a larger threat than AI, though it also carries a range of benefits such as a generational leap in computing speeds.
The UK government announced support for more research into quantum computing in the Spring Statement, while Microsoft is pursuing its own quantum supercomputer.
RELATED RESOURCE
Automation antidotes for the top poisons in cyber security management
See how you can transform your IT security operations with a single platform.
Despite the alarm raised at the board level, it may not be until the end of the decade that quantum computing is achieved.
A threat that Greenberg described as ‘more realistic’ than quantum computing in the short term is that of deepfakes.
This is the technology that allows people to alter their appearance in pre-recorded videos or even over a live conference call, and can be used for novelty or by a criminal to trick a victim into thinking someone they’re not.
Real-time deepfakes were used to trick politicians such as the Mayor of Berlin, and deepfaked audio files like those produced by Microsoft’s VALL-E can be used to believably play the role of a trusted individual over the phone or via audio files in an email.
Greenberg said the threat was considered “niche” in boardrooms at present, and customers are far more concerned about quantum computing than this other novel technology.
The threat of adding deepfake technology to traditionally successful attacks like ransomware and phishing has been hypothesised for years, since the technology started to become renowned.
The threat has always thought to be real, but one that would arrive in the future. Over the past few years, the technology has become more mature and increasingly convincing across both video and voice, sparking fears that it could usher in a new era of cyber crime sooner rather than later.
“But the quality of deepfake videos and sounds is becoming so good that I can see how this could become a major threat to the world,” said Greenberg.
“On the voice, it’s a much better job than the video level. It’s very, very impressive on the video level but it still feels a little bit fake. But it won’t take too long until it becomes amazing… I’m not talking about years, I’m talking about months.”
He noted that there is no widely-available solution for detecting deepfake videos or calls at present, but that work is ongoing to develop tools rooted in AI to achieve this.
Intel has developed its own tool for detecting deepfakes in real time, called FakeCatcher. It works by picking out key details in an individual’s face, then using deep learning to analyze the changing color of blood under their skin.
This is a feature of biology that deepfakes cannot reproduce, so works as an effective marker that a person is really who they appear to be. Intel claims it has a detection accuracy of 96%, and that this even applies to heavily compressed video.
In the meantime, Greenberg stressed that companies should continue to bear in mind that there are always new technological challenges but that existing best practices should be upheld.
One way in which companies are assessing their own core security standpoints right now is by looking at their cloud infrastructure.
Greenberg said that many companies have struggled to effectively distribute their security when they moved to the cloud, and lost the hard and fast firewall and security barriers they previously enjoyed in on-prem storage and computing.
“From a security standpoint, the cloud as we know it is very prone to mistakes,” he also noted.
“A small mistake that you make in the cloud can put you in a position of big risk, whereas when you make a small mistake on-prem you still have the defense of the perimeter.”
Many companies moved to the cloud in the past few years, but in light of the complexities it presents this pace may have slowed down. Greenberg urged companies to establish a clear, consolidated security platform in the cloud rather than relying on disparate security products.
“I think that customers are gradually and slowly moving critical machine applications to the cloud. They started by shifting a lot of IT applications to the cloud, but as they are moving their mission critical elements they’re taking baby steps to do it properly.”
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Get started on post-quantum encryption, organizations warnedNews The UK's national cybersecurity agency is urging companies to begin preparing themselves for quantum threats by 2035.
-
NIST aims to quantum-proof encryption with new algorithmsNews Three algorithms are now in draft and more are on the way to bolster enterprise defenses
-
GSMA partners with IBM, Vodafone on Post-Quantum Telco Network TaskforceNews The three organisations will work together to create a roadmap to implement quantum-safe networking
-
How quantum computing could change cyber securitySponsored The huge leap in computing performance from quantum computing poses a threat to traditional security, but there are steps you can take to guard against the quantum future
-
US unveils next-gen encryption tools to withstand quantum computing attacks
News The National Institute of Standards and Technology (NIST) hopes to offer a variety of tools for quantum-proof encryption
-
BT and Toshiba address QKD concerns with new trialNews The National Cyber Security Centre (NCSC) previously raised concerns of potential attacks
-
AWS launches quantum random number generatorNews The cloud giant is using an Australian university’s technology to help customers access random numbers for experiments through an API
-
Shiseido reportedly suffers data breachNews The Japanese cosmetics company has been accused of failing to notify affected staff of the leak
