Quantum computing: New threat to encrypted data

By Raúl Casado

Madrid, Apr 13 (EFE).- Cybercriminals are already stealing and storing large volumes of encrypted data in anticipation of future quantum computing advances that could break today’s encryption systems.

The tactic, known as «steal now, decrypt later,» involves collecting data that is currently unreadable but could be deciphered once quantum technologies reach sufficient maturity.

Cybersecurity firms warn that before 2030, new technological capabilities could emerge capable of breaking the mathematical algorithms that currently protect communications, financial transactions, and databases.

The anticipated moment, sometimes referred to as «Q-day,» would mark the point when quantum computing becomes powerful enough to compromise existing encryption systems, potentially exposing sensitive data such as medical records, trade secrets, financial information, and national security documents that must remain confidential for years or decades.

This scenario could put at risk critical data, including medical records, trade secrets, financial information, and national security data, that must remain confidential for many years.

These risks have been highlighted in numerous studies by cybersecurity firms, as well as in a report recently approved by Spain’s Joint National Security Committee of Congress and Senate, which analyzed cyber threats linked to artificial intelligence and quantum computing.

A tactic already used by states and espionage groups

Some experts told EFE that the scenario is not hypothetical but already documented.

They noted that technological renewal cycles in companies and critical infrastructure typically range between 6 and 10 years, meaning many current security systems may still be in use when quantum computing becomes viable.

«It is not enough to protect data against current threats, but also against future capabilities, even if those capabilities are not yet commercially available,» said Alejandro Rebolledo, consulting solutions engineer at NetApp for Spain and Portugal.

Rebolledo added that there is already evidence that some actors, particularly states and espionage groups, are capturing large volumes of encrypted data to decrypt later once quantum computing matures.

While much data is short-lived, information in sectors such as defense, healthcare, finance, and industrial property can retain strategic value for decades.

This includes design plans, formulae, market strategies, contracts, and production data that attackers may «freeze» for future use.

A retrospective threat

Ángel Serrano, head of technical solutions for Iberia at cybersecurity company Palo Alto, warned that «the quantum threat is already here» and represents a «retroactive» risk.

«It’s as if an adversary is stealing locked safes today, knowing it will soon have a master key to open them,» Serrano told EFE.

He added that some companies estimate that conventional cryptography could begin to become insecure around 2029, when hostile states may also begin militarizing quantum technologies.

According to Palo Alto intelligence data, the average time needed to infiltrate and steal data has fallen to just 25 minutes, while attacks now last about 72 minutes from initial access to data exfiltration, four times faster than last year.

«At that speed, attackers don’t distinguish between encrypted and unencrypted data,» Serrano said.

Both experts said this tactic may explain some large-scale data breaches in recent years that have not yet had visible consequences, suggesting attackers may already possess vast amounts of encrypted data awaiting future decryption capabilities. EFE

rc-sk