The theory of quantum encryption has been known and understood since at least 1984. That’s when physicists proposed sending encryption keys in accordance with the laws of quantum mechanics and limitations imposed by the Heisenberg uncertainty principle. This principle maintains that the position and movement of a quantum particle cannot both be determined at the same time. Any attempt to measure the particle’s position alters its movement, and vice versa.
The quantum encryption theory attaches a key code to photons that are then transmitted to a receiver. If a hacker intercepts the photons during transmission, that hacker’s attempt to read the encryption key will alter it and make it ineffective to decrypt any accompanying messages. Communications therefore become “hack proof” with quantum encryption. The technology is not yet commercially available to install quantum encryption methodology into a communications channel, but that time is rapidly approaching.
Like chains, however, cyber security systems are only as strong as their weakest link. Even the strongest possible encryption will work only with respect to communications that are actually encrypted from end to end. Modern information system networks present many avenues of entry to hackers that allow them to bypass strong encryption.
For example, a virtual private network can cloak messages into and out of the network with strong encryption.But other online accounts that hold the same data and information might remain fully exposed. This does not suggest that organizations should not incorporate strong encryption methodologies into their greater cyber security strategies. Rather, it indicates that those organizations need more than just strong encryption to shield the confidential and proprietary data on their networks from cyber attackers.
Moreover, in theory not even the strongest encryption, including quantum encryption, is unbreakable. The human factor will always increase the risk of data breach. Like other encryption technologies, quantum encryption assumes that both the message sender and recipient are trustworthy.And that their encryption and decryption equipment is safe from prying eyes. It also assumes that the equipment is not flawed in some other way. Whether quantum encryption becomes the future standard for data security in private messaging will be a function of whether these other factors can be controlled as well.
Until such time – and perhaps even beyond – organizations will need to maintain robust cyber security practices that consider every weakness in a data protection scheme. Technology solutions, such as firewalls and other perimeter defenses, need to be installed and maintained. Similarly, employees need to be trained to recognize attempts to breach the organization’s cyber security. This include such threats as phishing attempts and fraudulent email messages.
To the extent that a successful data breach is inevitable, organizations also need a strategy to recover from the breach and to compensate for any damages that flow from it. One person should be designated to manage all data breach responses and communications with third parties. Customers and appropriate regulatory authorities should also be notified of the breach. If confidential customer information has been leaked to hackers, it is better to get in front of the story rather than to have it come back on you.
An organization will inevitably suffer losses and liabilities to third parties following a successful data breach. To compensate for those losses and liabilities, organizations can now procure cyber protection insurance. In many cases, that insurance may be the sole factor that keeps an organization in business and prevents it from shutting its door permanently.
One of the more encouraging aspects of quantum encryption is that is represents a genuine effort to combat the growing threat of cyber attacks. Hackers are becoming more sophisticated, but cyber security defense strategies are improving to meet that challenge.