The Cyber Threat Alliance (CTA) has joined a growing consensus among cybersecurity experts and organizations urging businesses to begin transitioning to quantum-resistant cryptography immediately. Their recent report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness Gap Before It’s Too Late, emphasizes that quantum risk is not a distant threat but a present one, as attackers are already employing tactics like “Harvest Now, Decrypt Later.” In these attacks, adversaries steal encrypted data now with the intent to decrypt it once quantum computers become powerful enough to break current encryption methods.
What is quantum-resistant cryptography?
Quantum-resistant cryptography—also known as post-quantum, quantum-safe, or quantum-proof cryptography—refers to cryptographic algorithms specifically designed to remain secure even if quantum computers become powerful enough to break today’s widely used encryption methods.
Traditional public-key cryptography, such as RSA and elliptic curve cryptography (ECC), relies on mathematical problems like integer factorization and discrete logarithms. Quantum computers, using algorithms like Shor’s algorithm, could solve these problems efficiently, rendering current encryption vulnerable. Quantum-resistant cryptography uses alternative mathematical approaches that are believed to be difficult for both classical and quantum computers to solve.
Cryptographic agility
The CTA advises organizations to focus on building “cryptographic agility,” which means designing systems that can adapt to new cryptographic algorithms with minimal disruption. This is particularly challenging for regulated sectors like finance and healthcare, where strict standards may limit flexibility. The solution, according to the report, is to embed agility within compliant frameworks, enabling organizations to pivot as threats and standards evolve.
The CTA’s message aligns with recommendations from other leading authorities, including NIST and the European Union, which have set clear timelines for transitioning to post-quantum cryptography (PQC). NIST recommends that organizations phase out existing encryption methods now, with full transition expected by 2035. The EU’s roadmap similarly calls for high-risk systems to be updated by 2030 and all systems as much as feasible by 2035.
You can read their full report below.
