About Us
The Quantum Cliff: Why your data is compromised
- Algorithm
Melgorithm
By Mel Migriño
In my last business trip for 2025, I happened to chat with a cyber advocate from a global association of security professionals. She has a deep interest in technology considering her massive physical security background.
I would say she worked overtime to continuously supplement her IT security skills and experience. She shared with me her difficult moments on how she has to make her way in an industry where leaders are primarily men.
Honestly, I like the energy that exudes from her – I sensed the strong emotional resilience and vitality. We talked over a cup of coffee in the library lounge about emerging technologies like quantum computing, blockchain and how developing countries can crack down the barriers of digital adoption. Let me share with you some of the insights – I had to zero in on quantum computing.
The security foundations of the modern digital world are built on a mathematical bedrock that is about to crumble. Every piece of encrypted information—from securing bank transactions and applying secured connections through the ‘still widely used’ VPN to proprietary trade secrets and government secrets—relies on the inherent difficulty of factoring massive prime numbers.
This defense mechanism, which has protected us for decades, will be rendered obsolete by the arrival of a sufficiently powerful quantum computer utilizing quantum algorithms like Shor’s Algorithm. This isn’t a future crisis but it is the present reality known as the Quantum Cliff.
The significant immediate threat is not the quantum computer itself, but the pervasive execution of Harvest Now, Decrypt Later (HNDL) attack, blockchain manipulation and identity theft.
For enterprise businesses and government agencies, this scenario transforms from a theoretical risk into an immediate business imperative that demands executive attention. Any organization handling sensitive data with a shelf life of five, ten, or even more—be it intellectual property, patient records, or financial models must assume their secured information is already compromised or near to compromise.
This realization triggers a huge, costly, and mandatory infrastructure overhaul: the migration to Post-Quantum Cryptography (PQC). Successfully navigating this transition requires more than just replacing software; it demands a deep investigation and audit, known as a cryptographic inventory, to locate every single instance of vulnerable encryption across an entire enterprise.
The race is officially on, and the cost of inaction far outweighs the significant investment required for quantum readiness.
To manage and control these threats, global standards bodies like the U.S. National Institute of Standards and Technology (NIST) conducted an eight-year process to identify and standardize algorithms designed to be secure against quantum computers.
This includes algorithms for encryption, such as ML-KEM (formerly CRYSTALS-Kyber), and digital signatures, like ML-DSA (formerly CRYSTALS-Dilithium) and FALCON. Further, NIST has selected backup algorithms, like the HQC algorithm, to provide a second layer of defense in case the primary algorithms are ever compromised. The migration is to be done in phases with continued implementation guidelines and proposed deadline of 2030 for deprecating older algorithms. Organizations can prepare by:
- Conducting a cryptographic inventory to identify all systems that use encryption
- Reviewing the system design and develop strategies to adopt to crypto-agile policies, architecture and testing
- Developing a phased approach migration plan prioritizing sensitive and critical information
- Assessing the feasibility of using hybrid approaches
This is not an easy task. It is highly recommended to engage with technology solutions architects who have prior implementation experience in critical industries to guide business enterprises and government agencies in carrying this out. Technical teams must undergo training towards a deep understanding of this technology and its complexities.
From a top management and business executives perspective, training on the quantum computing business imperatives must be done.
The advent of the quantum computer is not a disruption that may happen, but a cryptographic deadline that is already here. The immediate threats mean that every organization is already or will soon be hemorrhaging sensitive data; DLT is at risk in breaking the public key cryptography in blockchain that will be compromised once the final quantum machine is built soon.
Ignoring, accepting or delaying implementation is not a viable risk mitigation option; it is a guaranteed security failure with profound financial and reputational consequences. The technological solutions, standardized by NIST, are already being built and continuously being supplemented.
Therefore, the ultimate business imperative is clear: companies must assess and prioritize the expensive, non-negotiable process of cryptographic inventory and infrastructure hardening. The time to plan for Post-Quantum Cryptography is now.