惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
V
Vulnerabilities – Threatpost
Security Latest
Security Latest
T
Threatpost
L
Lohrmann on Cybersecurity
Know Your Adversary
Know Your Adversary
Cyberwarzone
Cyberwarzone
S
Securelist
A
Arctic Wolf
W
WeLiveSecurity
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
H
Hacker News: Front Page
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
博客园 - 聂微东
博客园_首页
NISL@THU
NISL@THU
N
News and Events Feed by Topic
博客园 - 【当耐特】
S
Schneier on Security
阮一峰的网络日志
阮一峰的网络日志
Cloudbric
Cloudbric
P
Privacy International News Feed
小众软件
小众软件
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
宝玉的分享
宝玉的分享
Latest news
Latest news
美团技术团队
T
The Exploit Database - CXSecurity.com
S
Security Affairs
月光博客
月光博客
M
MIT News - Artificial intelligence
GbyAI
GbyAI
D
Docker
IT之家
IT之家
PCI Perspectives
PCI Perspectives
Application and Cybersecurity Blog
Application and Cybersecurity Blog
K
Kaspersky official blog
WordPress大学
WordPress大学
V2EX - 技术
V2EX - 技术
L
LINUX DO - 最新话题
P
Proofpoint News Feed
Google Online Security Blog
Google Online Security Blog
C
CERT Recently Published Vulnerability Notes
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cyber Attacks, Cyber Crime and Cyber Security
J
Java Code Geeks
I
InfoQ

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget
Craig Galbraith · 2026-06-24 · via Search Security Resources and Information from TechTarget

Quantum computing could break encryption in the next several years, and research suggests that few organizations are ready. Experts say CISOs must act now.

Cybersecurity executives have a long way to go before they are ready for a quantum computing world, researchers warn -- and they're likely running out of time.

A new report from Forescout Research Vedere Labs found that 90% of systems remain unprepared for Q-Day -- when a quantum computer can first break today's public-key cryptography. Some experts anticipate that moment will arrive by 2030, leaving enterprises with only a few years left to prepare. And while many organizations are slowly upgrading their SSH and TLS protocols to become post-quantum cryptography (PQC)-compliant, significant gaps remain.

It's time to adjust the mindset. We still talk to people who ask, 'Does that really affect my industry? Do I need to care?'
Daniel dos Santos, vice president of research, Forescout

"This isn't theoretical anymore," said Daniel dos Santos, vice president of research at Forescout. "It's happening. Whether we get a quantum computer [capable of defeating public-key encryption] by 2030, at this point, is somewhat irrelevant. It's time to adjust the mindset. We still talk to people who ask, 'Does that really affect my industry? Do I need to care?'"

When Vedere Labs started tracking the PQC transition a year ago, dos Santos said he would have rated the level of urgency CISOs should feel as a 2 or 3, on a scale of 1 to 10. Today, he rates it as higher than 5.

"It's not as simple as clicking a button and everything is migrated," he said, noting how comparable transitions -- to TLS 1.3 and IPv6 protocols, for example -- are still ongoing due to their complexity. "We're talking about road maps here for two, three, four, even five years to actually become PQC-safe and compliant."

Quantum computing risks and challenges

One group CISOs should probably assume is preparing for Q-Day: malicious hackers.

"Governments and cybersecurity agencies have warned for years that sophisticated adversaries may be collecting encrypted data today in anticipation of future decryption," said Lina Dabit, executive director of the office of the CISO at cyber advisory firm Optiv Canada, and formerly an inspector in the Royal Canadian Mounted Police's cybercrime team.

The public sector faces particular risk, with significant, ongoing nation-state campaigns targeting critical infrastructure and governmental organizations, Dabit added. Potentially compounding PCQ transition challenges is the fact that critical infrastructure, such as power facilities and water treatment plants, has long struggled with timely patching. That's something governments and the people they serve can ill-afford to overlook as quantum threats evolve.

According to experts, quantum is also particularly challenging for medical facilities and financial institutions, since they manage extremely sensitive data and operate under some of the most stringent regulatory requirements. Dos Santos said medical devices and ATMs are among the most difficult to secure.

As the former CISO and CIO of Silicon Valley Bank, Nick Shevelyov is well aware of the pending PQC threat and its potential impact on the financial sector. But he argued that previous transitions have prepared the industry for the current challenge, citing the industry's migration off the SHA-1 algorithm and the rollout of EMV chips on credit cards.

"Banking has run this play before," said Shevelyov, now founder and CEO at cybersecurity advisory firm vCSO.ai. "The lesson is that a long transition is won or lost on governance, not on technology. Resilience is execution, held together by governance."

The second lesson, he added, is to evaluate and quantify quantum risk much as an underwriter at a bank would: assess the value of the assets at risk, identify annual loss expectancy, and define tolerable and intolerable levels of risk.

"A migration nobody has put a number on is a migration nobody will fund," Shevelyov said.

How CISOs can prepare for Q-Day

While high-risk industries are leading the way in PQC readiness, experts warn that any organization with private or sensitive data must start preparing for Q-Day.

"The first thing you need to do is have visibility into your network to make sure that you know what is or isn't PQC-safe already," dos Santos said.

Security leaders must then get on the same page with their suppliers, he added. A CISO should consider any current equipment purchase, whether it has a five-year depreciation period and whether it will still be active when PQC is mandated. "These conversations need to start happening right now," dos Santos said.

Beyond identifying areas of quantum risk and planning migration, Vedere Labs recommended that organizations begin employing secure remote access to protect every interaction between a user and an unmanaged asset.

Chris Butera, acting executive assistant director for cybersecurity at CISA, said the transition to PQC is a "complex, challenging multiyear process" that requires collaboration with government and industry partners.

"We urge organizations to begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments and analysis, and engaging vendors," he said, adding that it is important to update systems using a risk-based approach to incorporate current and future quantum-resistant encryption and safeguards.

What's ahead

The G7 nations, comprising the U.S. and six of its closest allies, adopted a roadmap targeting 2030 as a cutoff date for migration, anticipating that's when a quantum computer will be able to break encryption -- or be close to it. And while no penalty structure is in place for noncompliance just yet, it's likely to become a requirement for doing business as a vendor in many countries.

In other words, the clock is ticking as a quantum computing reality draws near.

Craig Galbraith is the founder and owner of Galbraith Multimedia, an independent journalism company that provides writing, editing, video hosting, podcasting, onstage presentation and consulting services to the technology industry.

Dig Deeper on Risk management