5 Steps for Middle Eastern Businesses to Prepare for Post-quantum Security

With quantum computing set to shake up cybersecurity, CyberArk’s Kevin Bocek offers steps for companies in the region to secure encryption in the post-quantum era
It is notoriously difficult to predict exactly when certain technologies will come to fruition, and quantum computing is one of them. However, recent advances suggest that organisations should – for the purposes of cybersecurity – assume that quantum computing will be a reality sooner rather than later.
This means that time is already running out for companies to prepare for a world where traditional cryptography – which currently underpins all web-based applications – could be rendered obsolete.
Quantum machines could crack, in just minutes, encryption systems that would take traditional computers decades to break. Some industry experts predict that quantum computers will start compromising public-key cryptography by 2029, although recent advances in China, and research from Google, suggest the timeframe could shorten even further.
Given that cybercriminals will likely start harvesting encrypted data now and storing it until quantum decryption methods capable of cracking it become available, there is no time to lose for businesses in the region to prepare for the post-quantum world.
Here are five practical steps your organisation can take today to begin shifting to quantum-resistant cryptography:
- Run a cryptographic discovery. You can’t secure it unless you know it exists. Prioritize a discovery exercise to pinpoint precisely where and how you use public key encryption across your enterprise.
- Explore and adopt PQC standards. In July 2024, the National Institute of Standards and Technology (NIST) released the first three encryption standards designed to withstand decryption efforts from a quantum computer. Explore what’s best for your organization and begin transitioning. NIST suggests that all vulnerable systems be deprecated within five years.
- Segment your data and encrypt in layers. This is part of a smart defence-in-depth strategy. If one layer cracks, another layer will be in place to keep things secure. Of course, this also means more keys will need to be managed.
- Plan for crypto-agility. Since threats are ever-evolving, your infrastructure must be architected for change. Future-proof your systems to rapidly adapt cryptographic mechanisms, such as algorithms and key management practices, without disrupting the broader infrastructure.
- Rotate your encryption keys and shorten certificate lifespans. Frequent key and certificate rotation reduces the window of exposure if a key is compromised and forces organizations to automate certificate management. This not only strengthens your current security posture but also builds the agility needed to adopt post-quantum cryptographic (PQC) algorithms, which demand more frequent and flexible updates.
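
As an added illustration of the discovery and rotation steps above (not code from the article or from CyberArk), this Python script triages text dumps produced by `openssl x509 -noout -text`, classifying each key algorithm and flagging long validity periods. The sample dumps, host names, the 90-day threshold and the ML-DSA display names are assumptions made for the example.

```python
import re
from datetime import datetime

# Key algorithm names as printed by `openssl x509 -noout -text`.
SHOR_VULNERABLE = {"rsaEncryption", "id-ecPublicKey", "dsaEncryption", "ED25519"}
PQC = {"ML-DSA-44", "ML-DSA-65", "ML-DSA-87"}  # assumption: FIPS 204 names as displayed
MAX_LIFETIME_DAYS = 90  # assumption: rotation target picked for this example
RANK = {"vulnerable": 0, "unknown": 1, "pqc": 2}

FIELDS = {
    "subject": re.compile(r"^\s*Subject:\s*(.+)$", re.M),
    "algorithm": re.compile(r"Public Key Algorithm:\s*(\S+)"),
    "not_before": re.compile(r"Not Before\s*:\s*(.+?)\s*GMT"),
    "not_after": re.compile(r"Not After\s*:\s*(.+?)\s*GMT"),
}

def parse_cert_text(text):
    """Pull subject, key algorithm and validity period out of one text dump."""
    rec = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        if m is None:
            raise ValueError(f"field not found: {name}")
        rec[name] = m.group(1).strip()
    fmt = "%b %d %H:%M:%S %Y"
    span = datetime.strptime(rec["not_after"], fmt) - datetime.strptime(rec["not_before"], fmt)
    rec["lifetime_days"] = span.days
    return rec

def triage(dumps):
    """Classify each certificate and sort the most urgent findings first."""
    findings = []
    for text in dumps:
        rec = parse_cert_text(text)
        alg = rec["algorithm"]
        rec["status"] = "vulnerable" if alg in SHOR_VULNERABLE else "pqc" if alg in PQC else "unknown"
        rec["long_lived"] = rec["lifetime_days"] > MAX_LIFETIME_DAYS
        findings.append(rec)
    return sorted(findings, key=lambda r: (RANK[r["status"]], -r["lifetime_days"]))

def dump(subject, alg, start, end):  # builds a constructed sample in openssl's layout
    return (f"        Validity\n            Not Before: {start} GMT\n"
            f"            Not After : {end} GMT\n        Subject: CN = {subject}\n"
            f"        Subject Public Key Info:\n            Public Key Algorithm: {alg}\n")

SAMPLES = [  # constructed data, not real certificates
    dump("pqc-pilot.example.internal", "ML-DSA-65", "Jan  1 00:00:00 2025", "Jan  1 00:00:00 2026"),
    dump("api.example.internal", "id-ecPublicKey", "Mar  1 00:00:00 2025", "May 30 00:00:00 2025"),
    dump("legacy-vpn.example.internal", "rsaEncryption", "Jan  1 00:00:00 2024", "Jan  1 00:00:00 2026"),
]

if __name__ == "__main__":
    for f in triage(SAMPLES):
        print(f'{f["status"]:<10} {f["algorithm"]:<15} {f["lifetime_days"]:>4}d  {f["subject"]}')
```

Algorithms the script does not recognise are reported as `unknown` rather than assumed safe, so they stay on the review list.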