Quantum computing is often framed as an encryption problem. It will break today’s encryption, exposing sensitive data. While the risk is real, the impact extends beyond cryptographic concerns - one where attackers wield quantum-powered tools to disrupt identity management, evolve malware, and scale attack volume at an unprecedented rate.
This challenges APAC IT leaders to rethink defense strategies where conventional security approaches may no longer be sufficient.
“There are three critical risks with the first being the potential disruption of authentication protocols. With quantum-enhanced attacks, identity management which is a foundational layer of cybersecurity, becomes vulnerable. Attackers could break authentication mechanisms, impersonate legitimate users, and bypass access controls, putting critical systems at risk,” NCS Group’s senior partner, cyber, Siangtse Foo told iTnews Asia in a joint interview with NCS Group’s principal director, R&D and special operations, Hoon Wei Lim.
Second, the synergy of quantum computing with machine learning could spawn adaptive malware capable of outsmarting traditional safeguards.
Instead of static, rule-based malware, attackers will deploy adaptive threats that analyse security defenses in real time and dynamically adjust to bypass, said Foo.
Third, he added that quantum computational power allows attackers to scale up the volume, speed, and intensity of attacks
With quantum-assisted algorithms, attackers could generate highly convincing phishing messages at scale, using real-time data analysis to tailor messages to individual targets.
- Hoon Wei Lim, principal director, R&D and special operations, NCS Group
This means phishing attacks will become sophisticated, context-aware, and nearly indistinguishable from legitimate communications, said Lim.
While the broader cybersecurity implications of quantum computing are pressing, the cryptographic threat remains at the core of the discussion.
Organisations have until 2030 to prepare
The anticipated "Q Day" - when quantum computers can break widely used encryption algorithms - is projected to arrive by 2030.
Unlike the Y2K crisis, which had a clear deadline, the arrival of Q Day lacks a fixed timeline, however, quantum computers may break widely used encryption algorithms, leaving organisations with roughly five years from 2025 to strengthen defenses, said Foo.
Attackers are using "harvest now, decrypt later" tactics, collecting encrypted data today in anticipation of future decryption capabilities, once quantum computing becomes viable at scale.
- Siangtse Foo, senior partner, cyber, NCS Group
”SHA-1, a hash function deprecated since 2011, already crackable with GPUs - a sign that outdated cryptography exposes organisations now, not just later,” said Lim.
“The immediate steps APAC businesses should take to assess their vulnerabilities to quantum computing begin with a risk-based evaluation tailored to the organisation’s unique operating context and data priorities.”
According to Foo, the first action is to compile an inventory of cryptographic assets, including applications, services, and protocols, mapping them to their algorithms and vulnerabilities.
Additionally, businesses need to rank these assets by their business value, criticality, and sensitivity, focusing efforts on safeguarding the most essential elements.
He further added that attention must also be paid to legacy systems, where undocumented or outdated cryptography can lurk, complicating the transition to quantum-safe standards.
For larger enterprises, Lim advocates establishing a dedicated committee or task force to drive awareness and develop a roadmap for adopting quantum-safe measures.
This governance structure ensures a coordinated and proactive migration, bridging the technical assessment with organisational readiness, said Lim.
A multi layered defense approach is critical
Given the complexity of quantum security, businesses lack the in-house expertise required to navigate this transition. Partnering with quantum security experts and cybersecurity firms will be crucial in developing and implementing quantum-safe encryption strategies.
“Quantum threats extend beyond encryption, requiring organisations to adopt a multi-layered defense approach,” said Foo.
“We recommend that organisations strengthen their infrastructure security with advanced threat detection, AI-driven monitoring, and layered authentication mechanisms.”
For high-risk sectors including finance and government, Quantum Key Distribution (QKD) offers a potential solution for securing critical communications.
Foo mentioned QKD’s practical applications already underway, such as China’s Beijing-Shanghai Quantum Network, Singapore’s National Quantum Safe Network led by Singtel, and collaborations between the Monetary Authority of Singapore and banks, alongside efforts in South Korea.
However, widespread implementation faces challenges, including costs, the need for skilled expertise, infrastructure upgrades, and system rearchitecting.
According to Lim, organisations should consider Post-Quantum Cryptography (PQC), which involves developing cryptographic algorithms resistant to quantum attacks.
It offers a scalable approach to securing enterprise environments while balancing security and operational feasibility, Lim said.
The quantum advancement is already underway, extending beyond encryption risks to identity security, adaptive malware, and large-scale cyberattacks. This makes it vital to adopt a proactive strategy to counter both cryptographic and emerging quantum threats.
