How Businesses Should Approach the PQC Transition

https://www.infosecurity-magazine.com/interviews/how-businesses-approach-pqc/

Publish Date: 2025-11-24 23:30:11

Source Domain: www.infosecurity-magazine.com

Recently standardized by the US National Institute of Standards and Technology (NIST) to safeguard systems from threats utilizing the “harvest now, decrypt later” strategy, post-quantum cryptography (PQC) targets the threat actors who aim to break current encryption algorithms through future quantum computations. Speaking during the ISACA Europe 2025 conference, Shahram Mossayebi from Crypto Quantique dispelled some myths about quantum computing and recommended a thoughtful, risk-based approach by organizations to transition to PQC. He underscored that quantum computers won’t be commonplace and won’t disrupt all aspects of life as currently feared since they are limited by computational complexity theory. Mossayebi advised against waiting for quantum computers to transition to PQC, emphasizing that the risk of “harvest now, decrypt later” necessitates immediate action. According to him, organizations should adopt ‘crypto agile’ methodologies by creating an abstraction layer that will manage encryption standards and easily adapt to future standards as new threats emerge. This approach would minimize costly transitions in code-lines across the entire infrastructure.

Key Points:
– Quantum computers don’t offer universal computational advantages, but excel in specific tasks.
– The risk of quantum computers poses a long-term threat, necessitating today’s PQC preparations.
– Organizations should adopt ‘crypto agile’ strategies to easily switch encryption standards as needed.
– The NIST standardization process includes a continuous, future-proof update mechanism for cryptographic algorithms.
– PQC transition prioritization depends on the organization’s risk assessment of asset longevity and decryption threats.