Harvest Now, Decrypt Later: Data Stolen Today Is at Risk in the Future

Quantum computing is a rapidly developing technology, with world-leading economies like the US, China and Western Europe competing to advance it. While quantum does not replace traditional computing, there are specific types of calculations that it can complete much, much faster.

Some of those problems underpin the public-key encryption standards in use today. These standards have been a cornerstone of IT security worldwide for decades because, without the private key, decrypting the data would take so long that the attempt is pointless. A sufficiently large quantum computer running Shor's algorithm would not have this limitation: it can efficiently solve the integer factoring and discrete logarithm problems on which RSA, Diffie-Hellman and elliptic-curve cryptography rest, which would render those algorithms useless for protecting data. Symmetric ciphers such as AES are affected far less; a quantum search attack roughly halves their effective key length, so AES-256 is still considered adequate, but the key exchange and signatures that protect most stored and transmitted data today are not.

Although quantum technology is not likely to reach this milestone for 5–10 years, malicious actors are already harvesting encrypted data from both public and private organizations, in anticipation of being able to decrypt and leverage it later. This article identifies the organizations most at risk and provides recommendations on how to mitigate the threat.

Who is at risk?

Harvest now, decrypt later (HNDL) attacks focus on data that will retain its value until quantum-powered decryption becomes available to unlock it, such as sensitive business information, research data and intellectual property. HNDL attacks do not target transactional data or payment card information, which lose value relatively quickly due to expiration or obsolescence.

Top targets for HNDL attacks therefore include government bodies, especially those associated with the military. For example, back in 2015, the US Office of Personnel Management suffered a breach of approximately 21.5 million records. Some of this data is so sensitive that its future decryption could affect lives and national security even decades after adversaries obtain it.

Hospitals and other healthcare organizations are also at high risk from HNDL attacks. Medical records already command higher prices on the dark web than, for example, credit card numbers or other PII. Personal health information such as medical conditions, histories and genetic data retains its value indefinitely. Breaches of health data have a direct impact on the data subjects, which gives attackers leverage to extort the victim organization and a foundation for a wider attack.

Commercial organizations with long research and development cycles, such as those in the manufacturing and pharmaceutical sectors, are also in danger of having their data harvested. The nature of their business means that research can last over a decade and therefore stolen data is likely to be valuable for years.

Five Steps to Mitigate the Risk of HNDL Data Breaches

1. Identify the types of data being stored.

Technical and business teams should work together to assess the types of data that the organization possesses, along with the value and shelf life of each data type. This initial business risk assessment will drive the technical mitigation strategy. Executive buy-in is essential because project urgency, depth and costs will vary greatly depending on the results of the assessment.

2. Discover the data.

Once the organization knows which data is useful to adversaries, it needs to concentrate its security efforts on what really matters. Data discovery and classification will provide a clear understanding of the scope of the project, and visibility into data access rights will offer insight into data exposure.

3. Mitigate data risks.

Next, the organization should ensure that all data likely to be targeted in HNDL attacks is difficult to access by implementing additional security controls around it. Start with network security basics like VPN-only access to the most critical data and network segmentation. Then, rigorously enforce the least privilege principle by eliminating unnecessary permissions. Consider implementing just-in-time (JiT) access so that access privileges exist for only as long as needed. Keep in mind that these controls reduce an adversary's opportunity to harvest the data; they do nothing for data that has already been captured, whose confidentiality then rests entirely on the cryptography protecting it. Data in transit deserves particular attention, since encrypted traffic can be recorded in bulk and stored until it can be decrypted, so the migration to quantum-resistant algorithms (see step 5) should be prioritized for this class of data.

4. Stay alert.

HNDL attacks are more likely to go undetected than other types of attacks. For example, ransomware infections become obvious as soon as the cybercriminals freeze business operations and demand a ransom. But HNDL attackers work hard to stay unnoticed so they can continue to silently harvest data for as long as possible.

To spot HNDL attacks, organizations should establish ongoing monitoring and threat detection. They should also consider implementing threat hunting, either in-house or through a third-party vendor. Security analysts regularly examine logs for suspicious activity that could indicate adversaries lurking in the environment, or for signs of data exfiltration, and escalate findings for further investigation. Understanding the motivation of HNDL threat actors and which data is most attractive to them makes threat hunting more targeted.
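As an added illustration of the kind of log review this step describes (example code written for this point, not a Netwrix product or the author's own tooling), the following Python script runs two simple exfiltration hunts over constructed outbound-connection log lines: a per-host daily volume spike measured against that host's own median baseline, and off-hours transfers to a destination the host does not routinely contact. The log format, host names, destinations and thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log lines (not real traffic). Format assumed for this
# example: "<ISO timestamp> <source host> <destination> <bytes sent>".
# ws-041 has five ordinary days, then a 950 MB transfer to an unfamiliar
# external address late in the evening; ws-017 is steady throughout.
SAMPLE_LOG = """\
2024-03-01T09:10:00 ws-041 crm.example.internal 120000000
2024-03-01T14:30:00 ws-041 files.example.internal 80000000
2024-03-02T09:05:00 ws-041 crm.example.internal 110000000
2024-03-02T15:00:00 ws-041 files.example.internal 80000000
2024-03-03T09:20:00 ws-041 crm.example.internal 130000000
2024-03-03T16:10:00 ws-041 files.example.internal 80000000
2024-03-04T09:00:00 ws-041 crm.example.internal 100000000
2024-03-04T13:45:00 ws-041 files.example.internal 80000000
2024-03-05T09:15:00 ws-041 crm.example.internal 140000000
2024-03-05T17:00:00 ws-041 files.example.internal 80000000
2024-03-06T09:10:00 ws-041 crm.example.internal 110000000
2024-03-06T14:00:00 ws-041 files.example.internal 80000000
2024-03-06T22:15:00 ws-041 203.0.113.17 950000000
2024-03-01T10:00:00 ws-017 files.example.internal 150000000
2024-03-02T23:05:00 ws-017 files.example.internal 155000000
2024-03-03T10:00:00 ws-017 files.example.internal 145000000
2024-03-04T10:00:00 ws-017 files.example.internal 160000000
2024-03-05T10:00:00 ws-017 files.example.internal 150000000
2024-03-06T10:00:00 ws-017 files.example.internal 152000000
"""


def parse(text):
    """Parse log lines into (timestamp, src, dst, bytes_out) tuples, skipping blanks."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return records


def daily_volume(records):
    """Sum bytes sent per source host per calendar day."""
    vol = defaultdict(lambda: defaultdict(int))
    for ts, src, _dst, nbytes in records:
        vol[src][ts.date()] += nbytes
    return vol


def find_volume_spikes(records, k=3.0, min_excess=100_000_000):
    """Flag (src, day, bytes, median) where a host's daily outbound volume is an
    outlier against its own history: more than k robust deviations (MAD) above
    the median AND at least min_excess bytes above it. The median-based baseline
    is computed over all of the host's days, so one spike day barely moves it.
    The absolute floor stops small hosts being flagged for trivial increases."""
    hits = []
    for src, per_day in daily_volume(records).items():
        values = list(per_day.values())
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # A perfectly flat history gives MAD 0; fall back to 10% of the median.
        scale = 1.4826 * mad if mad > 0 else 0.1 * med
        for day, v in sorted(per_day.items()):
            if v - med > k * scale and v - med >= min_excess:
                hits.append((src, day.isoformat(), v, med))
    return hits


def find_offhours_new_destinations(records, night_start=22, night_end=6):
    """Flag transfers outside working hours to a destination the host has not
    contacted on at least two different days, i.e. not part of its routine."""
    days_seen = defaultdict(set)
    for ts, src, dst, _ in records:
        days_seen[(src, dst)].add(ts.date())
    hits = []
    for ts, src, dst, nbytes in records:
        off_hours = ts.hour >= night_start or ts.hour < night_end
        if off_hours and len(days_seen[(src, dst)]) < 2:
            hits.append((src, ts.isoformat(), dst, nbytes))
    return hits


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for hit in find_volume_spikes(recs):
        print("volume spike:", hit)
    for hit in find_offhours_new_destinations(recs):
        print("off-hours transfer to unfamiliar destination:", hit)
```

Run the file directly to print the hits. The thresholds must be tuned per environment, and a flagged host is a starting point for investigation rather than a verdict: a legitimate backup job or migration produces the same pattern, which is exactly why the hunt benefits from knowing which hosts hold the data an HNDL actor would want.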

5. Stay informed.

Quantum computing is a very expensive technology, so it is likely to appear not in someone's basement but rather as a dedicated state-level project. Nevertheless, the threat is real and efforts to combat it have been underway for several years. In 2022, the US National Institute of Standards and Technology (NIST) selected the first four quantum-resistant cryptographic algorithms for standardization. In 2023, US President Biden issued an executive order declaring a national emergency over the advancement of countries of concern in sensitive technologies, including quantum computing.

Organizations whose assessments reveal that they are at high risk from HNDL attacks are more likely to participate in the NIST workgroups and be early adopters of new quantum-resistant encryption algorithms. The rest of us need to stay aware and learn from these early implementations.

The power of action

If organizations follow encryption best practices, the sensitive data harvested in HNDL attacks will not be immediately useful to cybercriminals. However, the rapid advancement of quantum computing technology makes it likely that they will be able to decrypt the stolen data in the near future. At that point, the victim organization could suffer serious consequences, from damaging its reputation to jeopardizing its very existence. Accordingly, it is crucial that all public and private businesses that hold evergreen sensitive data acknowledge the risks associated with data harvesting and take steps to prevent data breaches.

About Author

Ilia Sotnikov is Security Strategist & Vice President of User Experience at Netwrix. He has over 20 years of experience in cybersecurity as well as IT management experience during his time at Netwrix, Quest Software, and Dell. In his current role, Ilia is responsible for technical enablement, UX design, and product vision across the entire product portfolio. Ilia’s main areas of expertise are data security and risk management. He works closely with analysts from firms such as Gartner, Forrester, and KuppingerCole to gain a deeper understanding of market trends, technology developments, and changes in the cybersecurity landscape. In addition, Ilia is a regular contributor at Forbes Tech Council where he shares his knowledge and insights regarding cyber threats and security best practices with the broader IT and business community.