SandboxAQ

Reporter’s Notebook: What happened to ‘Q-Day’?

Time to dig into the RSAC Conference notes. It was only three years ago that vendor warnings of Q-Day, the day quantum computers could break current encryption, filled the pages of technology publications and even general news outlets. Those warnings are much more muted this year. What happened?

Primarily, NIST's work in setting new standards for encryption solved the issue. All the post-quantum computing companies, like PQShield and SandboxAQ, are offering encryption products that are more alike than they are different, and all are doing good business providing tools and services. We seem to be more than ready for the dreaded Q-Day.

Then again, progress on creating an encryption-breaking quantum computer is maddeningly slow. The industry still insists 2029 is the Q-Day ETA, and that such a computer will break military-grade encryption in one week… on a single document. Assuming a nation state that has such a computer has stolen 20,000 encrypted documents, it would take 38 years to decrypt them all. But the number of stolen encrypted documents, although inestimable, is probably orders of magnitude higher. So reality mutes the projections of potential disaster.


Third-party security is almost impossible

There are many themes arising for the RSA Conference next week, including tools and services to protect against attacks originating with unsecured third parties in the supply chain. That is a crucial issue in every industry, especially with almost every company doing business with a supplier in the cloud. But the scope of the problem is almost impossible to resolve. The reasons are myriad.

With every Fortune 1000 business and government agency doing business with tens of thousands of third-party suppliers, the odds of finding one chink in the security protocols are very good for the criminals and state actors looking to do damage.

Social engineering can easily bypass the strongest technical defenses. It only takes a single lapse in digital hygiene to open the door to man-in-the-middle attacks, invite malware injections, and launch credential stuffing. It is also the favorite strategy of ransomware gangs.

Ransomware grabs headlines and remains highly lucrative for ransomware gangs. When compared to other forms of cybercrime, however, ransomware is really a minor issue. There are more than 33 million small businesses (under $100 million in revenue) operating in the United States alone, representing 99 percent of all businesses. However, according to a study produced by the Black Kite Research and Intelligence Team, fewer than 5,000 of them experienced a successful ransomware attack in the last 12 months...
