Will quantum computing revolutionise cybersecurity? IBM thinks so
The world of cybersecurity has seen rapid advancements over the past decade, as technology permeates more and more aspects of commercial and consumer life. The proliferation of endpoints brought about by the rapidly expanding Internet of Things (IoT) has created an infinitely larger number of ways for cyber threats to enter a company’s network.
Cloud centric cybersecurity firm ExtraHop reported recently that, in 2018, the average dwell time (the time a cyber threat has access to a company’s network before striking) had risen to an average of 101 days, “and that’s just the average. Many organisations have discovered threats that had lurked in their environments for years before being discovered,” writes ExtraHop cybersecurity professional Chase Snyder.
With the industry leading enterprises reeling from one major cyber breach after another, cybersecurity experts are turning to an emerging element of IT, in the hope that it can provide the edge they need against everything from nation state sponsored hackers to Anonymous.
Quantum computers (that use qubits - bits that can exist in multiple states, as opposed to the 1 or 0 that binary can achieve) are exponentially more powerful than the most advanced modern supercomputers. The implication is that quantum computers could “lead to new breakthroughs in science, life-saving medical advances, and financial strategies to live well in retirement. Algorithms could even quickly direct emergency services such as ambulances,” says a collaborative report between The European Sting and the World Economic Forum.
However, the application that has businesses and governments investing billions of dollars in the technology is its ability to overcome traditional encryption.
We find ourselves in the midst of a new arms race. The cybersecurity company that harnesses the power of quantum computing before anyone else will be a great deal closer to making their systems impenetrable, and getting that dwell time number of days a lot closer to the holy grail of zero. The hacker who gets their hands on quantum computing technology first will be able to waltz into the most secure systems on the planet, even potentially cracking blockchain encryption and doing everything from stealing the most secure information on the planet to destabilising the cryptocurrency market. The stakes couldn’t be higher.
As one of the largest and most innovative software companies in history, IBM have their horse firmly in the race. IBM first made quantum computers available through its public cloud in May 2016 with the IBM Q Experience platform. As of today, users have executed more than 28mn experiments and simulations on the quantum cloud platform and published over 180 third-party research papers. IBM Q is one of the world’s most advanced quantum computing initiatives, focused on propelling the science and pioneering commercial applications for quantum advantage.
The company made an announced today that may be the next big step in the race to a quantum cyber secure future. IBM is announcing that it will begin to provide “quantum-safe cryptography services” on the IBM public cloud in 2020 and is now offering a Quantum Risk Assessment from IBM Security to help customers assess their risk in the quantum world.
"IBM Cloud is taking the critical steps needed to help enterprises ensure their data stays secure in a quantum future," said Harish Grama, general manager, IBM Cloud. "Starting in 2020, IBM Cloud will roll out new services that will help keep data secure and private from the emerging cybersecurity challenges presented by future quantum computers."
The technology IBM is deploying is awe inspiring in its scope. "In order to prepare for the impact that quantum computers are expected to have on data security, IBM Research has been developing cryptographic algorithms that are designed to be resistant to the potential security concerns posed by quantum computers," said Vadim Lyubashevsky, cryptographer, IBM Research. "Our jointly developed quantum-safe algorithms, part of a lattice cryptography suite called CRYSTALS, are based on the hardness of mathematical problems that have been studied since the 1980's and have not succumbed to any algorithmic attacks, either classical or quantum. This is why we have made our algorithms open source and have submitted them to NIST for standardisation."
Report: Financial institutions face cloud-based threats
Over one year into the pandemic, different financial institutions report costly consequences to falling short of protecting their data storage from cloud-based attacks and network disruptions. The report is based on more than 800 responses from IT professionals working in the financial services industry in North America, Latin America, Europe, and the Asia-Pacific region.
- Data breaches are an increasingly significant cost burden for the industry: Worldwide, financial firms that experienced a data breach reported estimated average losses of roughly $4.2 million per attack, with U.S. organisations hit hardest at $4.7 million in estimated losses.
- Network outages also result in costly burdens: Institutions lose an estimated $3.2 million on average with Asia-Pacific followed by European institutions carrying the heaviest losses at $4.3 million and $3.1 million respectively.
- The industry remains a popular target for cloud-based attacks: Over half of all organisations (54%) surveyed suffered a data breach in the last 12 months with 49% plagued by a cloud malware attack as well.
- Cloud and network-based attacks will continue to be a major threat vector: More than 50% of respondents expect to face a combination of IoT attacks, cloud vulnerabilities including misconfigurations, and data manipulation attempts over the next 12 months.
- Threat resolution teams are embracing network visibility for security hygiene: Globally, network monitoring (76%), threat intelligence (64%), and threat hunting (57%) are considered the most effective mitigation tactics against these threats.
Even before the pandemic, tech companies were increasingly seeking moves to the cloud. The COVID-19 crisis has accelerated the adoption of cloud computing by the financial sector as part of its process of digitalisation. As companies transition and move data, there can be a lack of protection due to a number of factors such as undertrained staff and insufficient firewalls.
“The financial services sector has long been a target for bad actors who are following the cyber money trail into the cloud,” said Anthony James, VP of Product Marketing at Infoblox. “As the pandemic pushed IT infrastructures to rely on remote work, cloud-based technologies that enabled digital transformation also created soft spots for cyber criminals to exploit.”
“This report shows us that cloud compromise has become the biggest cybersecurity issue for financial institutions and the investments they are making to protect themselves,” James continued.