Interview: Carolyn Crandall, Chief Deception Officer, Attivo Networks

Recent talk of advancements in quantum computing as we entered the new decade has raised concerns.

Quantum computing has long been heralded as the next frontier in computing, especially after Google claimed it had achieved quantum supremacy, a claim which Dr Michio Kaku noted was “premature” as, while the computer was workable, it did not have any practical application for the consumer.

Kaku also said that “the race is on for the post-quantum era where we want to find defenses against methods used by quantum computers to break codes,” especially in an era where mainframes will be replaced by quantum computers, and where quantum cryptography is used to fight quantum cryptography.

Among the many emails that Infosecurity received at the start of this year, many did cite the concept of quantum computing. However, one took a slightly different angle, specifically that we “will begin to see more examples of the theft of encrypted data as cyber-criminals begin to stockpile information in preparation for the benefits of quantum-computing.”

That prediction was made by Carolyn Crandall, chief deception officer at Attivo Networks, who acknowledged the work done by Google and said that the reality is that “traditional encryption will become easy to crack.”

Speaking to Infosecurity, Crandall said that the power of quantum computing, and what Google was able to achieve, made it possible “to do something in three-and-a-half minutes what would have taken 10,000 years to complete.” She said that cracking and changing things in such a short time makes you wonder how much this can be overcome “and you wonder how you can keep your doors locked.”

So quantum computing is about being able to process faster, but also break things faster? “When someone is inside your network they can turn systems into zombies for cryptomining and it is a little scary to think that your own resources can be turned against you, and it can be done to crack encryption.”

Looking back at some notable stories from the past, Crandall pointed at the Marriott breach in which the attackers were inside the network for a long period of time, and she pondered that if they were able to collect encrypted data, they may have the capability in future to decrypt that data.

“If an attacker can get access to a quantum computer and get access to the data, and the owner believes it is safe, you can see how this starts to unfold and it should drive organizations to think about security differently,” she said.

In terms of the main point around attackers waiting for standards of technology to catch up, Crandall said that attackers are looking to get access to data “and people believe that it is encrypted, it is safe” even if it is breached. “However, that confidence really should not be there even if you start to look at things like quantum key distribution: nothing is a silver bullet and 100% foolproof, so you cannot have an over confidence that we can always win,” she argued.

“We need to be prepared for more sophisticated attackers with deeper resources and bigger pockets.”

She added that it could turn into a race of who has the access to what they want, and it will not all end up on black markets, but if a nation state were to get ahead “what would they do with that capability?”

As access to technology evolves and becomes more available and affordable, Crandall said we may see more theft of personal information and financial data. “The scariest part is the nation state stuff, as then you get into the realm of what happens if you take that technology and use it to crack into a SWIFT financial system?”

The case of quantum computing is now more about when than how, and Crandall said that there is a case of protecting the capabilities of technological advancements. So how long will it take for the concept of quantum computing to move to the mainstream? “I just hope it is used in good ways, versus used for destruction to the point where we figure out how we stay ahead of it.”
