Beyond PQC: Developing Flexible Security Programs to Address Unforeseen Challenges

In a recent interview with Help Net Security, Jordan Avnaim, CISO at Entrust, emphasised the importance of communicating the quantum computing threat to executive teams through a risk-based approach. He advocates for simplicity in communication, using the acronym ‘KICS’—Keep It Cybersecurity Simple—to avoid technical jargon and engage the board in a language they understand: risk. Avnaim highlights that unlike previous technological threats, the arrival of scaled quantum computers is unpredictable, creating a unique vulnerability for sensitive information. He frames this threat as a significant risk that requires immediate attention, urging technical leaders to focus on proactive measures to defend against potential breaches.

Avnaim views post-quantum cryptography (PQC) as both a long-term priority and a near-term operational challenge. He stresses that organisations must begin implementing quantum-safe infrastructure now to protect identities and sensitive data. This year is pivotal for post-quantum preparedness, as regulatory bodies are increasingly recognising the need for PQC. Avnaim warns of the ‘harvest now, decrypt later’ threat, where malicious actors may steal encrypted data today to exploit it once quantum computing becomes viable. He asserts that adopting quantum-safe cryptography is essential to safeguard against these risks and ensure digital trust in the future. 

Categories: Quantum Computing Threat Communication, Post-Quantum Cryptography Preparedness, Risk Management in Cybersecurity 

Tags: Quantum Computing, Risk-Based Approach, Post-Quantum Cryptography, Crypto Agility, Digital Trust, Cybersecurity Communication, KICS Acronym, Harvest Now Decrypt Later, Quantum-Safe Infrastructure, Cyber Breach Prevention