Australian companies are on high alert as quantum computing races towards shattering modern encryption, threatening to expose the nation\u2019s most sensitive data unless defences are upgraded fast.<\/p>\n
On Tuesday, the Australian Signals Directorate\u2019s Australian Cyber Security Centre (ACSC) released its Annual Cyber Threat Report 2024-2025<\/a>.<\/p>\n In addition to finding that Australians have continued to report cybercrime incidents once every six minutes, the report warned businesses should prepare for a significant shakeup to modern cryptography.<\/p>\n According to the report, the development of a cryptographically relevant quantum computer (CRQC<\/a>) is \u201con the horizon\u201d.<\/p>\n Such a device would be capable of \u201cbreaking contemporary public key cryptography\u201d, enabling cybercriminals to crack and access encrypted data in ways not previously possible.<\/p>\n Minister for Defence Richard Marles said that while CRQCs are \u201cstill a few years down the track\u201d, he warned Australians will indeed see the advent of much more powerful computers that are able to break [the] encryptions that exist today.<\/p>\n \u201cIt\u2019s important that companies are getting ready for that world.\u201d<\/p>\n What is post-quantum cryptography?<\/p>\n Conventional data encryption typically relies on cryptographic algorithms to scramble sensitive data so it can only be viewed by intended parties.<\/p>\n Advancements in quantum computing, however, are expected to one day offer cybercriminals access to systems capable of breaking these algorithms \u2013 an event commonly forewarned as \u2018Q-Day<\/a>\u2019.<\/p>\n The ACSC report explained businesses should prepare for the likelihood of such computers by adopting \u2018post-quantum cryptography\u2019.<\/p>\n In practice, this would mean using encryption products that incorporate quantum-resistant algorithms \u2013 math so complex it\u2019s considered difficult for both classical and quantum computers.<\/p>\n Speaking in Canberra on Tuesday, Marles emphasised there are already existing products for companies to protect themselves.<\/p>\n \u201cIt\u2019s really important that they get on board with those products as soon as possible,\u201d said Marles.<\/p>\n Andrew Wilson, chief executive of encryption specialist Senetas, encouraged organisations to \u201cbegin their quantum-safe migration without delay\u201d by using \u201cdedicated encryption systems to safeguard sensitive and high-value data\u201d.<\/p>\n Wilson told Information Age there was also a \u201charvest-now, decrypt-later\u201d threat which meant criminals who have stolen encrypted data may eventually be able to make use of it \u201conce a quantum computer becomes available\u201d.<\/p>\n \u201cThe report sends a clear message,\u201d said Wilson.<\/p>\n \u201cThis is a critical national security challenge that Australian organisations must address immediately.\u201d<\/p>\n Throw out the old tech<\/p>\n The report recommended businesses and network owners also focus on three other \u201cbig moves\u201d to prepare for future cybersecurity challenges: implementing best-practice logging; managing third-party risk; and replacing legacy IT systems.<\/p>\n \u201cKeeping legacy IT on a network increases the likelihood of a cybersecurity incident,\u201d read the report.<\/p>\n \u201cIt can also make any cybersecurity incident that does occur much more impactful.\u201d<\/p>\n The issue is particularly rife in government, with more than 70 per cent of Commonwealth entities still relying on legacy IT systems that \u201care costly to maintain, pose significant cybersecurity vulnerabilities, and inhibit innovation\u201d, according to consulting firm Mandala<\/a>.<\/p>\n The ACSC report urged businesses to \u201celiminate the risks associated with legacy IT\u201d by replacing it with systems which are still receiving support.<\/p>\n Where this isn\u2019t possible, the ACSC said \u201ctemporary measures\u201d should be adopted to mitigate some of the risk.<\/p>\n \u201cOld IT systems are gateways for cybercriminals,\u201d said Marles.<\/p>\n