There is an imminent need for cryptography and detection practices to level up for what’s about to happen. Quantum computing is getting closer and closer to being used in the enterprise and by bad actors.

Some reports have it as early as next year. A recent Omdia study from manufacturers found nearly 40% expect their customers to begin using quantum for operational purposes in 2026, according to IoT World.

How fast true adoption will take is debatable, but the advances in quantum computing speeds are a ludicrous force multiplier for complex supercomputing and operations. What was once only in the hands of the military-industrial complex and academia will soon find a home in commercial use – in business and in critical infrastructure. We’re talking processing speeds of 100 million times faster or more.

There’s more to it than that – there are ‘qubits’ that exist in superposition and can be both 0 and 1 simultaneously. Along with entanglement and quantum tunneling, quantum machines process complex calculations at speeds unattainable by classical computers.

 

The Benefits and Dangers of Quantum Cryptography

Quantum is fantastic news for business applications. Think AI use and adoption. But it has serious implications for the security of your business. Quantum computing  will allow the brute-force decryption of today’s cryptographic models, primarily PKI (which is used by 99% of communications today).

Cracking hashed passwords is already a cybersecurity issue as newer chips continue to blow away today’s processing speeds. Hive Systems suggests with a big budget to spend on the most advanced Nvidia chips, a complex 8-character password with numbers, upper/lowercase letters, and symbols could be cracked in as little as 3 months. A numbers-only password with the right processing could be cracked instantly. This is without today’s quantum speeds.

Even if sensitive data remains secure now, it could be vulnerable in the future if it retains its value over time — a concept known as ‘long-term confidentiality’. For example, diplomatic communications, military intelligence, and proprietary corporate information could all be at risk.

 

What About PKI?

Today’s encryption standard, PKI, still matters and will continue to matter in the future but it will diminish in its ability to be trusted.  Certificates, certificate authorities, and TLS will still rely on PKI but other technologies like SKA or post-quantum key exchange platforms will likely become a trend. PKI updates to the key exchange and the signature algorithms will be needed to ensure they are quantum safe which is a tall task for the 10B+ connected devices in the world

Today, PKI has an implied sense of security. The verification process is deemed secure by today’s standards because it used to take thousands of years for a traditional computer to factor such a large number.

But are you sure you can fight off quantum calculation speeds? The time to act is here.

Based on what we’ve been watching for many years, this security challenge is problematic. Data and secure communications as we know it are absolutely at risk because of the ‘harvest now, decrypt later’ movement courtesy of nation-state actors.

There are four key actions in play today:

  1. Demand and competition for AI and its market share are driving quantum computing
  2. Huge volumes of data are being exfiltrated now
  3. In less than a year, quantum is expected to be ‘useful and operational
  4. Despite availability, not nearly enough organizations are using the right defenses

The good news? Everyone can prepare to minimize the harm. And most importantly, there are innovative solutions, today, that are here to help. Let’s explore the ideas and innovation behind Forescout’s Quantum Safe Security Assurance.

 

Encryption History: Why It Matters

Encryption has been used for a very long time – and it has been an effective defensive mechanism. It was born out of the need for intelligence agencies to send secret messages. It essentially wraps or converts information into secret code that hides the information’s true meaning. The science of encrypting and decrypting this data is cryptography.

In the early 1970s, the internet was tested and adopted by the U.S. Department of Defense and U.S. military – with work from engineers in academia. This was way before it became the engine of business that it is today. Systems for encryption made by the private sector, such as RSA, began in the late 1970s. Encryption continued to evolve in IT practices with the major adoption of TLS 1.0 using RSA and ECC in 1999 — and the explosion of consumer and business use of the internet.

 

Key Discoveries in the Evolution of Quantum Cryptography

  • In 2016, the National Institute for Standards and Technology (NIST) saw the potential for danger and recommended the use of post-quantum cryptography (PQC) – which can secure your data from quantum calculations.
  • By 2023, adoption of PQC began.
  • Harvest Now, Decrypt Later: NSA and GCHQ have warned that adversaries may be collecting encrypted communications now, anticipating that quantum computers will eventually break current encryption standards.
  • That warning isn’t theoretical. Look at all the data taken in SALT/VOLT Typhoon breaches from ISPs and SASEs in 2024.

The latest research from Forescout’s Vedere Labs shows many early adopters migrate to quantum-safe technologies, but that rate of growth is expected to decrease. Key data:

  • Three-quarters of OpenSSH versions on the internet still run versions released between 2015 and 2022 that do not support quantum-safe encryption.
  • Less than 20% of TLS servers use TLSv1.3 — the only version that supports PQC.
  • ‘Early adopters’ will update ASAP, but the number of people who can easily update servers/devices will decrease — a common legacy device problem in IT and OT.

 

What’s At Risk?

As we wrote last year in Post-Quantum Cryptography: An Urgent Global Cybersecurity Imperative: “The transition from classical to quantum-resistant cryptography is not merely a technical upgrade but a fundamental overhaul of our security infrastructure. The time and resources required to implement new cryptographic standards across global networks are substantial, and the window to do so before quantum computers become a practical threat is narrowing.”

For individuals and corporations, the threat extends to privacy violations, intellectual property theft, and financial fraud. Personal data, trade secrets, and financial transactions could be exposed, leading to a loss of trust in digital systems and severe economic repercussions.

 But more specifically, here’s a short list of the kind of assets you see every day – and common scenarios you encounter: 

  • Devices with older operating systems
  • Unpatchable IoT devices
  • Custom-built applications
  • Most OT systems
    • Many are on 20-year upgrade cycles
    • Most have slow patching cycles every 6 to 12 months

At-Risk Scenarios:

  • Communications from public networks including ISPs
  • SASE solutions or public shared networks (you need to provide a private encryption key)
  • An attacker inside a trusted network

 

What’s Quantum Safe Already?

Not enough. Today, PQC adoption is nascent.

Around 6% of global devices are using PQC – and less than 20% of global communications use Transport Layer Systems (TLS) 1.3 – which is the most secure version for handshake communication, based on Forescout’s research. The main security benefit is that TLS 1.3 doesn’t allow older, vulnerable cryptographic versions to connect.

But with over 80% of organizations not using it, there is a fair amount of migration work still to be done. Using a PQC-safe cypher is certainly the move.
 

Forescout’s Four-Pronged Approach to Handling Quantum Threats

Forescout’s patented technology analyzes the ciphers used in communications internally and externally. Those ciphers are benchmarked against their quantum computing safety. The result is risk scoring of every asset, including their ability to communicate using quantum-safe encryption.

But we don’t just detect if they ‘support quantum safe’. Instead, we detect if they are communicating ‘non-quantum safe’ in real time. Forescout gives you actual behavior analysis versus a static assessment.

There are scenarios where devices could be quantum safe but be tricked to fall back and use an unsafe cipher. Forescout will detect these kinds of issues since the true threat are communications flowing from inside the network to outside – or over a public network – where they are susceptible to the threat.

Positioned at the network layer, Forescout can detect risky encryption usage even when devices attempt to hide their identity or posture. The Forescout 4D Platform™ provides a four-pronged, quantum-safe strategy — detect, enforce, mitigate, control:

  • Detect: Forescout invented and patented a method to identify PQC-safe assets in real time, offering cryptographic posture visibility across hybrid networks.
     
  • Enforce: With Forescout eyeSegment, organizations can isolate critical systems and secure communication pathways with network segmentation.
  • Mitigate: Backed by threat intelligence from Vedere Labs, Forescout helps detect rogue assets or misconfigurations to swiftly target policy enforcement.
  • Control: Forescout protects any devices that could be at risk by limiting their traffic.

 

What Can You Do About It Today

  1. Adopt PQC for devices which must communicate over third party infrastructure.
  2. Ensure trusted network infrastructure is protected from attackers or use network tools who that can access SPAN ports.
  3. Avoid the use of ISP’s and SASE tools for critical applications and highly secured systems.

See How