The Quantum Threat: What Quantum Computers Are and How to Defend Against Them
Quantum computers may in the future break today’s asymmetric cryptography
The “harvest now, decrypt later” scenario is becoming an increasing threat
Companies should start addressing post-quantum cryptography and crypto-agility
In recent months, we have been seeing more and more articles about quantum computers. However, they pay much less attention to the very essence of the problem: what quantum computers really are and what impact they can have on data security.
What is a quantum computer
The name "quantum computer" is a bit misleading. It is not a regular laptop or server. It is an extremely complex and sensitive system that often operates at temperatures close to absolute zero.
The fundamental difference from classical computers lies in how it works with information. Instead of bits (0 and 1), it uses so-called qubits.
A qubit can be realized in various ways – for example, as a photon, an electron, an atom, or a so-called quantum dot (an artificially created "atom"). There are also experimental approaches, such as the use of superconducting circuits or magnetic states.
Unlike a classical bit, a qubit can exist in multiple states at the same time (so-called superposition). Another important phenomenon is entanglement, which allows a change in one qubit to affect another, even if they are separated from each other.
These properties allow quantum computers to efficiently solve certain types of problems that are practically unsolvable for classical computers in a reasonable amount of time.
What can be done with it
It is a mistake to consider quantum computers a matter of the distant future. There are already functional prototypes that are used in research.
They are used, for example, in:
- materials science (simulation of new materials)
- pharmaceutical research (molecular modelling)
- optimization tasks
- physics and mathematics
It is not a universal replacement for classical computers, but a specialized tool for specific types of calculations.
Quantum Computers and Cryptography
One of the most crucial areas where quantum computers pose a risk is cryptography.
Today, cryptography protects virtually all digital communications – from emails to banking transactions to IoT devices. Most of these systems are based on mathematical problems that are difficult for classical computers to solve (e.g. factoring large numbers in RSA).
However, quantum algorithms such as Shor's algorithm can solve these problems much more efficiently. This means that the asymmetric encryption commonly used today can be cracked in a matter of months on a sufficiently powerful quantum computer. In addition, recent studies [1,2] seeking to optimize these algorithms indicate a trend in which the performance requirements placed on a quantum computer are falling significantly.
It is important to add that symmetric cryptography (e.g. AES) is more resistant to quantum attacks, but even here there is a reduction in the security margin. The reduction comes from Grover's algorithm, which can theoretically speed up brute-force attacks when searching for the key.
A real threat
Although full-fledged quantum computers capable of breaking current cryptography are not yet widely available, development is progressing rapidly. The optimizations of quantum algorithms mentioned above further increase the urgency of this threat.
The "harvest now, decrypt later" scenario, in which attackers can intercept encrypted communications today and decrypt them in the future, further complicates the situation.
Among other things, the following are at risk:
- long-term stored data (e.g. archival communications, medical data)
- cryptocurrencies, including Bitcoin, that rely on asymmetric cryptography
- long-lived IoT devices where it is not realistic to perform regular updates
- certificates and keys hard-coded in firmware
- long-lived authentication credentials (e.g. passwords, digital certificates)
These factors show that a reactive approach alone cannot be relied upon. In many cases, you are already making decisions about data security on a horizon of decades.
Regulation and Ecosystem Pressure
In addition to technological developments, regulatory pressure is also increasing. The European NIS2 Directive places higher demands on cyber risk management, including cryptography and data protection. Although it does not explicitly require post-quantum cryptography, the emphasis on state-of-the-art security in practice means that organizations will also have to respond to the onset of quantum threats. Therefore, it can be expected that post-quantum cryptography (PQC) will become part of both regulatory and audit requirements in the coming years.
Organizations will thus address quantum resilience not only from a security perspective, but also from a compliance perspective.
At the same time, there is pressure from the tech ecosystem:
- cloud service providers are gradually adopting post-quantum solutions
- new versions of protocols and libraries may limit support for older algorithms
- platform hardware and software will transition to new standards
Organizations that do not prepare may encounter not only security but also operational problems (compatibility, support, certification).
How to defend yourself
The situation is not a reason to panic, but to prepare. The key is to understand your own risk and adjust your security strategy accordingly.
The basic steps include:
1. Cryptography inventory
Map where you use cryptography, including keys, certificates, and long-term stored data.
2. Regular updates
Many technology companies are already implementing post-quantum solutions. It is important to keep systems up to date.
3. Increase security standards
For example, switching from AES-128 to AES-256-GCM increases resilience to future attacks.
4. Hybrid cryptography
The combination of classical and post-quantum algorithms (e.g. X25519 + ML-KEM-768) is now considered a practical, backward-compatible intermediate step in migration.
5. Cooperation with suppliers
Be interested in how your suppliers are preparing for the advent of quantum technologies.
6. Long-term planning (crypto-agility)
Design systems so that cryptography can be easily changed in the future without major interventions in the infrastructure.
7. Compliance and regulatory readiness
Monitor the evolution of standards and regulatory requirements related to post-quantum cryptography and take them into account when planning migration and managing risk.
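As an added illustration (not part of the original article), the following Python sketch ties steps 1, 3 and 4 together: it triages a cryptography inventory by quantum exposure and puts long-lived assets behind Shor-breakable algorithms first. The asset names, the `lifetime_years` field, the algorithm-string format and the 128-bit threshold are assumptions made for this example.

```python
import re

# Public-key families that Shor's algorithm breaks (factoring / discrete log).
SHOR_BROKEN = ("RSA", "DSA", "DH", "ECDSA", "ECDH", "ED25519", "X25519")
# NIST post-quantum algorithm families (FIPS 203/204/205).
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")

def classify(algorithm):
    """Return (status, note) for one algorithm string from the inventory."""
    parts = [p.strip().upper() for p in algorithm.split("+")]
    has_pqc = any(p.startswith(PQC) for p in parts)
    has_classical = any(p.startswith(SHOR_BROKEN) for p in parts)
    if has_pqc:
        return ("ok", "hybrid" if has_classical else "post-quantum")
    if has_classical:
        return ("migrate", "public-key scheme exposed to Shor's algorithm")
    m = re.match(r"AES-(\d+)", parts[0])
    if m:
        effective = int(m.group(1)) // 2  # Grover: roughly half the key length
        if effective < 128:  # threshold is an assumption of this example
            return ("upgrade", f"about {effective}-bit margin under Grover")
        return ("ok", f"about {effective}-bit margin under Grover")
    return ("review", "unknown algorithm, classify manually")

def triage(inventory):
    """Sort findings so long-lived assets behind breakable crypto come first."""
    order = {"migrate": 0, "upgrade": 1, "review": 2, "ok": 3}
    rows = []
    for item in inventory:
        status, note = classify(item["algorithm"])
        rows.append({**item, "status": status, "note": note})
    # Within one status, a longer lifetime means more exposure
    # ("harvest now, decrypt later", long-lived devices), so it sorts first.
    return sorted(rows, key=lambda r: (order[r["status"]], -r["lifetime_years"]))

# Constructed sample inventory (hypothetical asset names).
INVENTORY = [
    {"asset": "vpn-gateway", "algorithm": "ECDH-P256", "lifetime_years": 1},
    {"asset": "medical-archive", "algorithm": "RSA-2048", "lifetime_years": 30},
    {"asset": "backup-store", "algorithm": "AES-128-GCM", "lifetime_years": 10},
    {"asset": "web-frontend", "algorithm": "X25519+ML-KEM-768", "lifetime_years": 1},
    {"asset": "db-encryption", "algorithm": "AES-256-GCM", "lifetime_years": 10},
    {"asset": "iot-firmware-signing", "algorithm": "ECDSA-P256", "lifetime_years": 15},
]

if __name__ == "__main__":
    for r in triage(INVENTORY):
        print(f'{r["status"]:8} {r["asset"]:22} {r["algorithm"]:20} {r["note"]}')
```

In practice the inventory rows would come from certificate stores, TLS configurations and key-management exports rather than a hand-written list.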
Conclusion
Quantum computers are not just a technological curiosity, but a real change in cybersecurity.
It will not be an immediate breakthrough, but a gradual transition for which you need to prepare in time. In addition to security risks, regulatory pressure and technological development of the ecosystem will also play an increasing role.
Organizations that start addressing quantum security today will have a significant head start in the future.