Quantum computing technology is still on the drawing board, but its vast potential to crack encryption codes means that organizations today should already consider its threats to their most sensitive business data, according to a report from supply chain resilience provider apexanalytix.The danger is that cyber-adversaries are harvesting companies’ encrypted data now even though they can’t open those files, because they plan to decrypt it on a future date, once quantum computing becomes powerful enough.That trend is already being tracked by security agencies including the U.S. National Institute of Standards and Technology (NIST), CISA, and the NSA, apexanalytix said in its report, “The Quantum Paradox: Separating Hype From Reality for Supply Chain Leaders.”That strategy, known as “Harvest Now, Decrypt Later,” is used by nation-state and advanced threat actors, meaning that data could be retroactively exposed years from now, even if it is safely protected today with common standards like RSA or ECC.At risk is a wide range of companies’ most sensitive data: supplier invoices and payment information, commercial contracts and pricing terms, banking and account details, and compliance and regulatory records, apexanalytix said.To defend against that scenario, the report advises enterprise leaders to follow a roadmap including: conducting cryptographic inventories, updating third-party security requirements, improving supplier data foundations, and defining high-impact risk use cases that may benefit from future quantum advances.“The risk is not that quantum computers arrive tomorrow. The risk is that supplier data exchanged today cannot be secured retroactively, leaving procurement with avoidable cost, effort, and executive exposure,”…
