The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here are five things you need to know this week, as 2023 kicks into high gear.
The government prioritizes post-quantum cryptography for federal agencies
The Quantum Computing Cybersecurity Preparedness Act, a new law signed by President Biden late last month, requires the Office of Management and Budget to prioritize post-quantum cryptography for federal agencies when they receive new IT systems. The impetus for the bill, according to its text, is to stave off foreign attempts to steal sensitive encrypted data and hold it until quantum systems are available to decrypt it.
This follows a November bill from the Office of Management and Budget that requires agencies to submit their cryptographic systems inventories by May.
The first step to crypto-agility: organizing your data
The post-quantum world will put even more stress on a short-staffed cybersecurity industry. Not only will the workforce need to grow (by 65%, according to a new study), but many protocols like elliptic curve and finite field cryptography will also diminish in their ability to withstand quantum computing attacks.
Migrating to quantum-resistant algorithms will be a massive challenge for the enterprise world, but while those developments take shape, there are steps organizations can take to improve their crypto-agility to stay ahead of tomorrow’s threats.
From inventorying and categorizing data by value and risk to testing and planning for a post-quantum world, CPO Magazine weighs in on how organizations can start preparing today.
The private sector backs the government’s steps toward quantum security preparedness
The flurry of legislation around quantum computing has a bearing on the private sector, as well. As global adversaries pour billions of dollars into quantum capabilities, government agencies won’t be the only ones under attack.
With NIST projecting the release of its post-quantum cryptography standards in 2024, bad actors will seek to steal as much customer data and IP as possible before fault-tolerant mechanisms can be put in place.
To read more about how the government is working to become a leader in post-quantum cybersecurity and how these moves will impact the private sector, head on over to SDxCentral.
Zero trust strategies will dominate 2023
As bad actors seek to compromise remote workers, third-party vendors, and legacy systems, network-based security becomes less and less effective by the day. Zero trust prioritizes the security of users and assets, which may more readily accommodate the demands of today’s landscape.
For several years, zero trust has floated in the conceptual ether. But in 2023, KPMG International predicts that zero trust technologies have finally matured enough to see actual implementation. This advancement may enhance existing security controls like micro-segmentation. When structured to reflect the actual workflows for business users, it can harden security postures with minimal imposition on productivity.
Zero trust adoption is only one of the trends KPMG analysts anticipate. Check out the others on SC Media.
Machine identity and human identity go hand-in-hand when implementing zero trust
Citing Keyfactor’s 2022 State of Machine Identity Management Survey, VentureBeat wrote about how Identity and Access Management (IAM) will be central to zero trust adoption.
Though malicious actors frequently target users through social engineering campaigns, the number of attacks involving machine identities has increased by more than 1,600% in the past five years. Gartner predicts that 75% of cloud security failures will result from issues related to managing identities, access, and privileges this year.
To get the full lay of the IAM land, read the VentureBeat piece in full.