
Quantum computing in cyber security: A double-edged sword

Despite investor scepticism, prominent quantum computing stocks have seen a notable rise at the beginning of 2025. Even statements from prominent tech leaders like Jensen Huang and Mark Zuckerberg that the field won’t be profitable haven’t stopped investors and the wider public from being excited.

In cyber security, however, quantum computing offers both unprecedented capabilities and significant threats, making it a double-edged sword that demands careful navigation. Just as white hat hackers can use it to bolster defences, their malicious counterparts might be able to supercharge their efforts, too. 

But how do we grapple with this quantum quandary? That’s exactly what we’ll tackle in this article, as we must collectively ensure we are not blindsided by the risks while leveraging the technology’s advantages.

Due to the presence of qubits, quantum systems can perform multiple calculations simultaneously, exponentially increasing computational power for specific tasks. 

For cyber security, we already know this means quantum computers could break widely used encryption methods, particularly those relying on the difficulty of factoring large integers or solving discrete logarithms, such as RSA and ECC.

These encryption standards form the backbone of secure online communication, financial transactions, and digital identity verification.

The versatility of quantum computing goes beyond cracking encryption. Its computational power could revolutionise cyber security applications by improving pattern recognition, anomaly detection and optimisation algorithms. Tasks that once took days or months to process could be executed within minutes, drastically reducing response times to potential threats.

Breaking encryption: A looming threat

Classical cryptography, based on mathematical problems too complex for current computers to solve within a practical timeframe, faces obsolescence in the quantum era. Shor’s algorithm, a quantum computing method, can efficiently factorise large integers, undermining RSA encryption’s security. 

Just for comparison, in the context of Shor’s algorithm:

  • A traditional computer might need trillions of years to crack a 2,048-bit RSA key.
  • A quantum computer would need hours, if not days, to perform the same action. 

Similarly, elliptic curve cryptography (ECC), celebrated for its efficiency, is vulnerable to the same algorithm. This vulnerability jeopardises everything from personal data protection to national security. 

Hence, experts fear that hackers equipped with quantum capabilities could decrypt intercepted communications, exposing sensitive corporate or governmental information. And we all know how hard it is for politicians to adapt to modern tech. 

Even data encrypted today could be at risk due to the “harvest now, decrypt later” strategy, where adversaries collect encrypted data now, anticipating quantum decryption in the future. The implications extend to industries like banking, healthcare and energy, where secure communication is paramount.

Strengthening cyber security with quantum technology

It’s not all doom and gloom, as quantum computing offers plenty of tools to counter these threats. Quantum Key Distribution (QKD), for instance, uses quantum mechanics to establish secure communication channels. As a result, any attempt to eavesdrop on quantum-transmitted keys would alter their state, immediately alerting both parties to the intrusion.

In addition to QKD, quantum random number generation (QRNG) is another promising application. Unlike classical methods, which rely on algorithms that could be predicted or replicated, QRNG leverages the inherent unpredictability of quantum processes to create genuinely random sequences. This strengthens cryptographic protocols, making them more resistant to attacks.

Last, but most certainly not least, quantum-enhanced machine learning could also aid in identifying and mitigating cyber threats. If the current applications of ML seem daunting, think of what quantum ML can do by analysing vast datasets more efficiently than classical systems. Quantum algorithms could detect subtle patterns indicative of an attack, enabling earlier intervention.

Post-quantum cryptography: The immediate response

The cyber security industry is not waiting passively for the quantum threat to materialise. Post-quantum cryptography (PQC) aims to develop encryption algorithms resistant to both classical and quantum attacks. 

Standards bodies like the National Institute of Standards and Technology (NIST) are advancing PQC algorithms, with several candidates already released or in the final stages of evaluation.

Despite the apparent defensive potential, transitioning to PQC involves significant logistical challenges. Organisations must inventory their cryptographic assets, evaluate quantum risks and implement new algorithms across their systems. 

For industries like finance and healthcare, where data sensitivity is paramount, the transition timeline could stretch into years, requiring immediate action to stay ahead of quantum advancements. 

The degree of difficulty gets even higher if legacy systems are being relied upon, as backwards compatibility in a quantum context isn’t something developers of old thought about. 

Likewise, PQC adoption requires extensive testing to ensure compatibility with existing systems and resilience against emerging threats. This, unfortunately, means allocating additional resources to train personnel, upgrade infrastructure and maintain compliance with evolving regulatory requirements.

Mr Hyde: How cyber criminals benefit from quantum computing

We’ve spent a lot of time discussing how quantum computing can aid in defending our data, but white hat hackers and red teams aren’t the only ones interested in these advancements. 

Nation states and cyber crime conglomerates with nine-figure sums to spend will certainly finance the R&D of offensive tools, which can pose problems for everyone from governments to small businesses. 

In particular, sophisticated attacks, such as quantum-enhanced phishing or cracking biometric data, could exploit quantum-powered pattern recognition to unprecedented degrees. These capabilities pose a direct threat to authentication mechanisms, access controls and user trust.

Overnight, staples like QR codes and various forms of MFA will become easily corruptible due to the sheer computing power at the criminals’ disposal. Widely used for payments and authentication, they may require updates or complete overhauls to resist quantum-generated attacks. 

Even the seemingly simple act of scanning a QR code could become a security risk if quantum-powered adversaries exploit flaws in code generation or scanning software.

Regulatory and strategic considerations

Despite claims that quantum computing will become feasible or profitable in several decades, we must still prepare for that inevitable moment. 

Governments and regulatory bodies are beginning to address the quantum challenge. Investments in quantum research and the establishment of frameworks for quantum-safe technologies are gaining momentum. 

For businesses, aligning with these initiatives is critical to ensure compliance and leverage state-of-the-art defences. Will cyber security become more expensive? Inevitably. But at the same time, there will be many more incidents than the 2,200 a day companies experienced in 2024.

Moreover, collaboration between the public and private sectors will play a pivotal role in quantum readiness. Sharing threat intelligence, standardising best practices, and incentivising quantum-safe transitions will strengthen collective security. 

Most importantly, governments must invest in building a robust quantum infrastructure to ensure that technological advantages are not monopolised by adversaries.

But how will we be able to balance between protectionism and benefiting the human race as a whole? We’ll find out sooner or later, that’s for sure.

Preparing for the quantum future

Quantum computing is no longer a distant possibility, but an imminent reality. Organisations of all sizes must adopt a proactive stance, integrating quantum risk assessments into their cyber security strategies. In particular, we must collectively focus on: 

  1. Education and awareness: IT and cyber security teams must receive the right education on quantum concepts and their implications. Building in-house expertise will be critical to navigating the complexities of quantum integration.
  2. Cryptographic inventory: This means mapping current cryptographic use to identify vulnerable assets. It allows organisations to prioritise upgrades where they are most needed.
  3. Adopting PQC: Currently, the best option is to transition to NIST-approved post-quantum algorithms. Early adoption minimises the risk of falling behind competitors or compliance requirements.
  4. Testing quantum services: In addition, it’s up to organisations to pilot technologies like QKD and QRNG to evaluate their practical benefits. Testing in real-world scenarios ensures smooth integration and operational efficiency.
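
As an added example (not from the original article), the inventory and prioritisation steps above can be expressed as a triage over a list of cryptographic uses. The asset records, the `horizon_years` planning figure and the priority labels are constructed assumptions; long-lived confidential data behind Shor-vulnerable key exchange or encryption is ranked first, because that is what "harvest now, decrypt later" exposes.

```python
"""Cryptographic inventory triage (added illustration; all records are constructed)."""
from dataclasses import dataclass

# Public-key families broken by Shor's algorithm (factoring / discrete logarithms).
SHOR_VULNERABLE = ("RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519")
# NIST post-quantum standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA).
POST_QUANTUM = ("ML-KEM", "ML-DSA", "SLH-DSA")
# Symmetric ciphers and hashes are not attacked by Shor's algorithm.
SYMMETRIC = ("AES", "CHACHA20", "SHA")

# Report order, most urgent first (labels are assumptions for this example).
PRIORITY_ORDER = ("migrate-first", "migrate", "review", "ok")


@dataclass(frozen=True)
class CryptoUse:
    asset: str
    purpose: str        # "key_exchange", "encryption", "signature" or "hash"
    algorithm: str      # e.g. "RSA-2048", "ECDH-P256", "ML-KEM-768"
    secrecy_years: int  # how long the protected data must stay confidential


def classify(algorithm: str) -> str:
    """Map an algorithm label to a family; exact or 'FAMILY-...' matches only."""
    name = algorithm.upper()

    def in_family(families):
        return any(name == f or name.startswith(f + "-") for f in families)

    # Check PQC first so "ML-DSA-65" is never confused with classical DSA.
    if in_family(POST_QUANTUM):
        return "post_quantum"
    if in_family(SHOR_VULNERABLE):
        return "shor_vulnerable"
    if in_family(SYMMETRIC):
        return "symmetric"
    return "unknown"


def triage(use: CryptoUse, horizon_years: int) -> str:
    """Assign a migration priority to one cryptographic use."""
    family = classify(use.algorithm)
    if family == "unknown":
        return "review"  # unidentified crypto needs a human to look at it
    if family != "shor_vulnerable":
        return "ok"
    # Only confidentiality can be harvested today and broken later;
    # a signature is at risk only once a quantum attacker actually exists.
    harvestable = use.purpose in ("key_exchange", "encryption")
    if harvestable and use.secrecy_years >= horizon_years:
        return "migrate-first"
    return "migrate"


def build_report(inventory, horizon_years):
    """Return (priority, asset, algorithm) tuples, most urgent first."""
    rows = [(triage(u, horizon_years), u.asset, u.algorithm) for u in inventory]
    return sorted(rows, key=lambda r: (PRIORITY_ORDER.index(r[0]), r[1]))


# Constructed sample inventory; not taken from any real environment.
INVENTORY = [
    CryptoUse("vpn-gateway", "key_exchange", "ECDH-P256", 15),
    CryptoUse("web-frontend", "key_exchange", "X25519", 1),
    CryptoUse("code-signing", "signature", "RSA-3072", 0),
    CryptoUse("backup-archive", "encryption", "RSA-2048", 25),
    CryptoUse("disk-encryption", "encryption", "AES-256-XTS", 25),
    CryptoUse("pilot-api", "key_exchange", "ML-KEM-768", 10),
    CryptoUse("legacy-hsm", "encryption", "VENDOR-CIPHER-X", 10),
]

if __name__ == "__main__":
    # horizon_years=10 is a planning assumption, not a forecast.
    for priority, asset, algorithm in build_report(INVENTORY, horizon_years=10):
        print(f"{priority:<14}{asset:<18}{algorithm}")
```
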

Conclusion

Quantum computing’s dual potential in cyber security – as a tool for both defence and attack – requires a balanced approach. While its threats to traditional encryption are undeniable, its innovations also promise stronger, more resilient defences. 

Organisations that act now to understand and prepare for the quantum era will not only safeguard their assets, but position themselves as leaders in a rapidly evolving technological landscape.

Otherwise, no one’s data will be safe, and we’ll have no way of keeping up with the computing power at the hackers’ disposal.


Privacy at a crossroads in the age of AI and quantum

The digital landscape is entering a critical turning point, shaped by two game-changing technologies: generative AI (GenAI) and the imminent arrival of quantum computing. These technologies hold vast promise for innovation, but they also magnify the risks to privacy, data security, and trust. Organisations that want to thrive sustainably in this new era must adapt quickly, recognising that the traditional methods used to protect personal data will no longer suffice.

The evolving privacy landscape

Privacy has long been a legal obligation for organisations. Today, it’s much more than that. In fact, privacy has become a competitive differentiator – organisations that handle customer data with integrity can build stronger relationships and earn more loyalty.

Currently, around 75% of the global population is covered by modern privacy laws, which signals that privacy is increasingly seen as a universal right. However, despite these widespread legal frameworks, there are still significant gaps in how laws are executed across different regions and industries. Data breaches continue to escalate, misinformation is increasingly rampant, and consumers are becoming more sceptical about how their personal data is handled. The rise of GenAI has only intensified these challenges as machine-generated content blurs the lines between fact and fiction.

Meanwhile, quantum computing looms on the horizon, introducing an entirely new set of challenges. By 2029, the computational power and availability of quantum systems are expected to make current encryption methods obsolete, putting sensitive data at unprecedented risk. For many organisations, the sheer cost of ensuring that this data remains secure could become unmanageable, potentially forcing them to purge vast quantities of personal data to prevent breaches.

A growing threat to data integrity

As the use of AI accelerates across industries, the quality of the data feeding these systems becomes even more crucial. However, too many organisations continue to focus primarily on protecting the confidentiality of data, while overlooking its integrity. This imbalance has led to a slew of problems, from poor decision-making to AI initiatives that fail to deliver meaningful outcomes.

Gartner predicts that by 2028, organisations will invest as much in ensuring data integrity as they do in confidentiality. This is a major shift, and rightly so. For AI models to be effective, they need high-quality, trustworthy data to train on. If this data is flawed or unreliable, the resulting AI systems will be just as flawed and unreliable. Beyond AI, maintaining data integrity is critical for everything from regulatory compliance to safeguarding consumer trust in the organisation’s practices.

In addition, data integrity plays a critical role in mitigating the risks posed by misinformation and AI-generated content. As GenAI continues to evolve, ensuring that data is accurate, traceable, and verifiable will become more important than ever. Without these measures, AI models risk becoming susceptible to manipulation, making them less effective – and ultimately less trustworthy – across industries.

Preparing for the quantum age

The rise of quantum computing is not just a future concern; it’s a present reality that organisations must begin preparing for today. The concept of “harvest now, decrypt later” is already a reality, with malicious actors stockpiling encrypted data in anticipation of quantum breakthroughs that would render traditional encryption methods obsolete. This poses a grave risk to organisations, as sensitive information that is currently safe from hackers could one day be compromised by quantum systems.

Governments around the world are already pushing for the development and adoption of post-quantum cryptography (PQC) – encryption methods that are resistant to the computational power of quantum machines. But making the shift to PQC is no small feat. It requires a fundamental overhaul of existing cryptographic systems and infrastructure, a process that will take years to complete. For many organisations, the pressure is mounting to begin this transition as soon as possible to protect their sensitive data and remain ahead of the quantum curve.

A strategic response for organisations

To navigate these challenges, organisations need to act decisively:

  1. Reassess Data Strategies: Move away from storing huge amounts of data to adopting data minimisation practices. Retaining only necessary information reduces risk and aligns with modern privacy regulations.
  2. Invest in Data Integrity: Apply robust measures to ensure data accuracy, provenance, and lineage. This is critical for AI applications and for maintaining consumer trust.
  3. Adopt Post-Quantum Cryptography: Begin developing crypto-agility and a migration to quantum-resistant encryption methods now to safeguard sensitive data before quantum computing becomes mainstream.
  4. Enhance Privacy Practices: Integrate privacy-by-design principles into every product and service, offering consumers granular control over their data.

The broader implications

The intersection of GenAI and quantum computing represents a critical turning point for organisations. Failing to adapt to the evolving privacy and security landscape could lead to lost consumer trust, regulatory penalties, and competitive disadvantage. On the other hand, those who take proactive steps to protect data and embrace emerging technologies will not only minimise risks but also position themselves as leaders in the digital economy.

Bart Willemsen is a VP analyst at Gartner, with a focus on privacy, ethics and digital society.


Microsoft overcomes quantum barrier with new particle

Microsoft has published the culmination of 20 years of research into subatomic particles, known as Majorana fermions, which it aims to use to build a million-qubit quantum computer.

The research has involved developing topological qubits, which Microsoft research anticipated would offer more stable qubits, requiring less error correction. A research paper on the property of these particles notes that Majorana fermions have a mathematical quirk which suggests that if fermions and anti-fermions are indistinguishable, they may be able to coexist without annihilating one another. 

In a YouTube video discussing the research, Microsoft technical fellow Matthias Troyer said: “Majorana’s theory showed that mathematically it’s possible to have a particle that is its own antiparticle. That means you can take two of these particles and you bring them together, and they could annihilate and there’s nothing left. Or you could take two particles and you bring them together and you have two particles.”

This offers a way to correlate the nothing state when the fermion and anti-fermion annihilate each other as a binary “0”, and when they both exist as a binary “1”. 

Microsoft technical fellow Krysta Svore said Microsoft has succeeded in designing a chip called Majorana 1 that is able to measure the presence of the Majorana fermion particles. “Majorana allows us to create a topological qubit,” she said, where the qubit is reliable, small and controllable.

The nature of the Majorana particles means they hide quantum information, making it more robust, but also harder to measure. Microsoft developed a new measurement approach that it claims is so precise that it can detect the difference between one billion and one billion and one electrons in a superconducting wire, which is used to determine the state of the qubit for quantum computation.

According to Svore, the approach Microsoft has taken gets around the noise problem that leads to errors in qubits, which results in error-prone quantum computers.

“Now that we have these topological qubits, we’re able to build an entirely new quantum architecture, the topological core, which can scale to a million topological qubits on a tiny chip,” she said.

Svore said that each atom in this chip is placed purposefully. “It is constructed from the ground up,” she added. “It is entirely a new state of matter. Think of us as building the picture by painting it atom by atom.”

The processors used to power computers traditionally use electrons. “We don’t use electrons for compute,” said Svore. “We use Majoranas.”

Majorana 1 is Microsoft’s new quantum chip that combines both qubits as well as surrounding control electronics. Along with the control logic, the Microsoft approach to quantum computing requires a dilution refrigerator that keeps qubits at temperatures much colder than outer space. Microsoft has also developed a software stack, which is needed to enable applications to take advantage of Microsoft’s quantum computing.

The Majorana 1 device can be held in the palm of a hand, and fits neatly into a quantum computer that can be easily deployed inside Azure datacentres. “The way the system that we are constructing works is you have the quantum accelerator,” said Microsoft vice-president Zulfi Alam. “You have a classical machine that works with it and controls it. And then you have the application that essentially goes between classical and quantum depending on which problem it’s trying to solve.”

Once the computations are completed, the results are re-synthesised on the classical computational machine, where it’s surfaced as an answer to the problem.

The researchers at Microsoft are confident the approach they have taken with Majorana 1 will be able to scale, which is something that has so far hindered the progress of quantum computing, due to the error-prone nature of scaling logical qubits. Microsoft’s topological qubit architecture uses aluminum nanowires joined together in an “H” shape. Each H has four controllable Majoranas that are combined onto one qubit. The Hs can also be connected across the chip.

“It’s complex in that we had to show a new state of matter to get there, but after that, it’s fairly simple,” said Svore. “It tiles out. You have this much simpler architecture that promises a much faster path to scale.”


TCS to inject AI and quantum computing into aerospace through French delivery centre

Tata Consultancy Services (TCS) is targeting the next technology revolution in the aerospace sector through a delivery centre that will focus on technologies such as artificial intelligence (AI) and quantum computing.

Based in Toulouse, it is TCS’s fourth IT delivery centre in France. It will start with 50 people, but could increase to 500.

The region of France is a hub for the aerospace sector, home to Airbus, the French space agency and hundreds of companies focused on the sector.

According to Anupam Singhal, president of manufacturing at TCS, the investment could stimulate the growth of TCS’s French operation as a whole.

TCS’s workforce in France currently stands at about 1,700 people after 30 years in the country. In comparison, the UK, with a similar size economy, has 23,000 TCS staff.

The new centre will be focused on the use of technologies such as AI and quantum computing to address the challenges faced by the aerospace and defence industries. It will also give customers access to the knowledge of TCS’s 600,000 global staff.

Industry challenges

Singhal cited the delivery delays being experienced by Boeing as an example of where the latest technologies might be used to assist aerospace manufacturers.

Despite orders for planes being at an all-time high, Singhal pointed to major challenges. “Supply chain resilience has been a big issue, and that’s the reason major suppliers have not been able to deliver the backlog of the demand they have,” he said.

Problems can escalate quickly for manufacturers when the supply chain is disrupted. Singhal gave the example of the Suez Canal blockage, which delayed the delivery of parts coming from suppliers across the world.

He said TCS is using AI to gather information in different formats, such as news reports, and work out what global or local events could impact the supply chain. It then warns the manufacturers if they need to make changes.

“The technology can process information and analyse what the possible impact could be. It can then advise the company, for example, to stock up with more items. The whole idea is that resiliency can be built in,” he said.

“Everything comes out of data, so the ability for us to connect public information with enterprise data – to understand where suppliers are and where items are coming from – means AI can tell the enterprise, ‘Deliveries may get stuck, but you have another supplier which is not affected – maybe you need to put an order into that supplier so your production line is not stopped’.”

Singhal added: “We are not saying it will replace humans, because they are in the loop, but today, all leaders and managers take decisions based on data. By using technology, we can provide a lot more data so that enterprises can make more intelligent decisions. In fact, AI technology can offer two or three possible options and let the customer decide what is the right thing for them.”

Tech for sustainability

While companies across the world talk about their targets for becoming carbon neutral, the aerospace industry is hugely dependent on fossil fuel. Singhal said TCS is working on the use of quantum computing in the design of aircraft to enable manufacturers to dramatically reduce fuel consumption.

“This is being done now with newer aircraft, which are 20% more efficient than older versions,” he said. “The lighter the plane, the lower the amount of fuel it will burn. So we built a quantum computing-based solution where the analysis of material can be done.”

Then there is the use of technology to optimise flight routes based on factors including distance, congestion and weather. “The fact is, every minute a plane is in the air, it’s producing huge amounts of carbon dioxide and airlines are burning money. We can use quantum to devise the optimal flight path so it doesn’t have to be in the air longer than necessary.”

Augmenting human skills

Optimising limited human resources is also a major challenge in a sector that is highly regulated and requires high-level skills.

Singhal said in sectors such as aerospace and defence, it is a challenge to find people with the right level of skills. But technology generally, he said, including AI, can enable less skilled people to perform the work of more highly skilled people.

“Using generative AI and natural language support, a worker can ask, ‘I need to assemble this part – tell me how to go about it’, and there could be a video or instructions for this part,” he added.

When it comes to human skills, TCS said the Toulouse centre will help accelerate recruitment in the region, accessing local talent, engaging in academic partnerships and using existing capabilities in France.


Look to the future: How the threat landscape may evolve next

It’s been quite the half-decade. In fact, it’s hard to know where to start when reflecting on it. The Covid-19 pandemic saw a (forced) mass shift towards hybrid working models, leaving security teams with a new and complex attack surface to secure quickly. Charges made against the CISOs of SolarWinds and Uber set a precedent of legal responsibilities for CISOs when it comes to cyberattacks and reporting. Elsewhere, new regulations are being written into law across the world to protect organisations and consumers everywhere, from NIS2 to the Cyber Resilience Act. Similarly, artificial intelligence (AI) has revolutionised cyber security, for good and bad. In some ways, AI has become a helpful ally for security teams when it comes to fighting threats, especially as teams are facing a barrage of new and novel threats daily. On the other hand, the uptick in attacks is likely due to the increased use of AI by cyber criminals to speed up and automate attacks. These notable events are just scratching the (attack) surface!

The cyber industry has always been fast paced and security teams are no stranger to change. However, the last five years have challenged the industry significantly, with the unprecedented volume and sophistication of new threats, talent retention issues and rising burnout. As always, these challenges have exemplified the resilience of the industry. We learn from one another and, as a community, we have become more open to speaking of our collective challenges and helping one another. As we head into the unknown once again, it’s critical that we continue to foster a continued sense of openness and community.

I find ‘predictions’ difficult. This feels like using sticks to find hidden wells of water. I have no crystal ball that will reveal the spring of vulnerabilities going to be released upon us in the next five years. But, I have seen some trends over the past few years that have proven hardy and are representative of significant problems that aren’t going away any time soon. These are the best spots I can look to for what lies ahead.

We might see the quantum computing event horizon in the next five years, in which case, all bets are off. I don’t think that that day will be like the vaunted Y2K that was foretold, but will be more problematic over a longer period of time. It will still be a good amount of time before quantum computing is easily accessible by criminal groups in such a way that will make it an everyday threat…governments protecting secrets though, are in a different boat.

I will also make the very spicy take that the AI, at least in the current form using LLMs or things of a similar stripe, is going to sputter and fall flat. We haven’t seen massive increases in uptake by significant parts of the economy for any of the leading companies, despite them shovelling money into the AI furnace by the billions. There are also reports that the current flavour of AI LLMs have reached their limit, with diminishing returns as there are no longer any major corpuses of human-created data and content to consume and use for training. There, I said it. We are nearing ‘peak AI’. Cue sad trombone.

And now for something completely different…

On a much more serious note, I think the major events relating to cyber security over the next five years will be driven largely by geopolitical crises, starting with China.

Between now and 2030 we will see increased aggression by China with some form of conflict both hot and cold, brought on by the possible ‘annexation’ of Taiwan. China has, for some time, been using police actions (and civilian fishing vessels) to encroach on the territorial sovereignty of regional nations including the Philippines and Taiwan. I worry that what happened in Hong Kong will be tried in a similar way, and these methods for attacking territorial water boundaries will continue, using this playbook in Taiwan, with a diminished role for some traditional western powers. If this comes to pass, and unfortunately it seems that’s the direction things are heading, this will be a cataclysmic global event with truly massive implications. Western-based manufacturers of silicon will become parts of the national security apparatus as critical national infrastructure, in a way that they have escaped thus far but are increasingly moving towards.

More critical national infrastructure will fail in larger ways, due to espionage, conflict or both, like we have seen with the actions of Volt Typhoon and Salt Typhoon, Chinese state-sponsored actors digging into infrastructure like ISPs and telcos and energy companies for use in a future potential conflict and to monitor communications of strategic importance. My fear is that disruption of telcos and other “everyday” critical infrastructure sectors that have not gone as far in their cyber security maturity journey will force governments to assert more explicit control through regulation and direct assistance. And some of this will be long overdue, for in the year 2024, is it really defensible to not require MFA for privileged (or all) users? Or not move away from memory unsafe languages? Or not keep logs on critical system events? These things shouldn’t be acceptable now but I’m afraid it will take an even bigger catastrophe than the cyber crises we’ve endured in the past few years for these requirements to get stated in a sufficiently forceful way that gets some orgs to take note.

Russia will continue its role as global bully, but we will see more cracks emerge when they struggle running out of updates to Windows devices and other western technologies that are no longer available due to sanctions. Russian-based ransomware groups will move in more close alignment with the government and become proxy actors of the Kremlin, even more explicitly than they are now.

Supply chains will get hit, again, and again, and some more. Unfortunately this is a growing trend over the past few years and as we saw with CrowdStrike this year (which wasn’t a supply chain attack…but the disruption of their software caused a global technology event that impacted millions of people, disrupted businesses, cancelled flights, and more) these technologies have become almost irreversibly intertwined with corporate enterprise IT to such an extent that they can cause cascade failures.

Whether the attackers are aggravated aggressor nation-states like Russia and China or neo-organised crime in the form of ransomware gangs, the next years will see disruptions with increasing frequency and magnitude. Eventually there will be a counterforce, deployed by governments, in the form of policy, law and cyber action. My hope for my friends still working in the halls of power in Washington and Whitehall, is that we can mount an effective response to acts of aggression in a way that is proportionate and lasting, not overcorrecting but likewise not wasting an opportunity to help set and enforce some norms around responsible stewardship of user data, technology and public services, as well as norms for conflict in cyberspace that are rooted in our principles and values as a society.

Elliott Wilkes is chief technology officer at Advanced Cyber Defence Systems (ACDS). A seasoned digital transformation leader and product manager, Wilkes has over a decade of experience working with both the American and British governments, most recently as a cyber security consultant to the Civil Service.


Challenging the cloud giants: Is a new era of competition on the horizon?

The UK’s Competition and Markets Authority (CMA) sent shockwaves through the tech industry in October 2023 when it announced its investigation into potential anti-competitive practices in the UK cloud infrastructure services market.

The CMA is not ploughing a lonely furrow: regulators across the world – from Spain and Denmark to South Africa and (if reports are to be believed) the United States – are examining various aspects of cloud computing and its impact on competition.

This scrutiny is long overdue, and it marks a significant step forward. For too long, regulators have looked the other way as the Western world’s cloud market quietly amalgamated around just two cloud providers.

While these tech giants have undoubtedly played their part in a global digital industrial revolution, their dominance is often accepted as an inevitable and unchangeable reality – even if it may have been achieved by anti-competitive practices. 

This implicit acceptance of the status quo is a false narrative because there are alternatives. Challenger cloud providers stand ready to compete, asking for nothing more than a level playing field.

For inquiries like the CMA’s to succeed, it is crucial that decision-makers do not allow the dominant cloud providers to monopolise the conversation, and that they give equal weight to the voices of those challengers.

At the beginning of next year, we will learn about the CMA’s provisional opinion on the four “theories of harm” under investigation.

These range from concerns about exploitative pricing practices to barriers that restrict customers from switching providers.

During the summer, the CMA proposed numerous remedies to combat these. While we can’t second guess the exact conclusions, one thing is clear: challenger cloud providers hold strong and united views, based on decades of cumulative experience.

These challengers offer a vital dose of reality to what can often become dry, legalistic debates.

While the industry may be guilty of using jargon like “data egress fees” and “anti-competitive licensing practices”, these terms have real-world consequences.

Ask a challenger provider to explain what these practices mean for their business, and you’ll hear stories of dominant players charging exorbitant fees to customers who try to leave their platforms or dramatically increasing the cost of widely-used software when it’s run on a competitor’s cloud. These practices have profound implications for competition.

If the CMA can create a framework that enables competition, the benefits will ripple through the market. Challenger cloud providers, with their agility and innovation, will drive down prices, expand consumer choice and spur further technological advances. They will also help to address critical concerns like cloud concentration risk and digital resilience, which become ever more pressing as our dependence on cloud services grows.

The stakes couldn’t be higher. This isn’t just about today’s challengers and consumers; it’s about future-proofing the entire cloud ecosystem. Emerging markets such as AI and quantum computing – both heavily reliant on cloud infrastructure – must not fall victim to a “winner takes all” scenario.

Such an outcome would stifle innovation and concentrate power in ways that could threaten global digital resilience and even national security.

The CMA, alongside its international counterparts, has a unique and urgent opportunity to reset the dial. This is a moment to usher in a new era of openness, competition, and fairness in the cloud market.

Challenger cloud providers will be watching closely to see how the CMA’s provisional decision translates into meaningful solutions that benefit not only the industry but also consumers, the wider economy, and the future of digital innovation.

While the last twelve months may have fired the starting gun on investigating the cloud market, the next twelve could be when we see real change begin.


The most pressing challenges for CISOs and cyber security teams

The UK Ministry of Defence recently published its Global Strategic Trends report which sets out the developments that will shape the world over the next five years. These provide an insight into some of the challenges that CISOs and cyber security teams will face.

The first threat is that of global and regional political instability. As regional and global power competition intensifies, we may see growing authoritarianism and a decline in democracy. The capabilities of violent extremist organisations and organised crime groups to cause harm will increase. Access to data will become a key component of global power for both state and non-state actors, all of which will require greater vigilance from cyber teams.

The second area of concern comes from the expanding attack surface. The exponential reliance on data and connectivity across states, organisations, and individuals in an increasingly connected world will significantly expand the attack surface. With stretched resources from dealing with an ageing population and climate change, nation states may not be able to provide the increasing level of direct support needed for cyber defence operations.

A further trend driving cyber threats is the technological arms race. The increased reliance on data and connectivity, coupled with advances in quantum computing and AI, will escalate the arms race between cyber exploiters and victims. This shift is already being seen in the rise of zero-day attacks. The National Cyber Security Centre (NCSC), in collaboration with cyber security agencies from the US, Australia, Canada, New Zealand, and others, identified that most of the top 15 vulnerabilities exploited in 2023 were initially targeted as zero-day attacks. This trend has continued into 2024, highlighting the evolving tactics of cyber adversaries and the increasing availability of advanced exploitation tools.

Pressing challenges for CISOs and security teams

Given these trends, the most pressing challenges for CISOs in the next five years will be related to the rise of AI, building a culture that fosters secure behaviours, the threats from insiders, data management and patching and monitoring, as well as the ongoing need for operational resilience.

The risk from AI is increasing as adversaries weaponise it for malicious purposes, using it to create undetectable malware, automate reconnaissance, and execute deepfake-based scams. Organisations are rapidly chasing the ‘AI dream’, looking at ways in which it can deliver significant business benefits, and CISOs will need to make their voice heard at the planning stage to avoid security being seen as a secondary consideration.

Organisations invest heavily in protecting their digital systems, physical assets, and people from adversaries with software solutions to detect cyber threats, restrict access to buildings and safeguard sensitive employee information. However, up to 95% of security incidents typically result from human actions, whether through unintentional errors or intentional breaches. A technical solution alone is not going to keep the future organisation safe. To protect what matters most CISOs should look to leverage the power of their people by embedding the right security behaviours into organisational culture to create an effective first line of defence. A robust security culture ensures every individual within the organisation understands their role in maintaining security and takes proactive steps each day to enhance it. 

Insider threats, whether stemming from intentional actions by malicious employees and contractors or unintentional mistakes by negligent staff, remain a significant source of security breaches. These risks are further amplified by the rise of hybrid work models, which reduce organisational control over devices and network environments. These create additional vulnerabilities that security teams must address through more joined up approaches to physical and cyber security.

Data management and protection is ever more critical as there is more data and greater connectivity to manage. CISOs need to know what their critical data is, where it is located, who has access to it, how it flows, how it is protected, and where it is vulnerable. Understanding their own systems and their residual risks, as well as the risks to their data when it is in the hands of others, is crucial. CISOs also must have confidence in their supply chain and its ability to protect assets properly. Networks and data sources must be appropriately protected both in transit and at rest. Ransomware and phishing remain a persistent and evolving danger, with attacks becoming more targeted and destructive. Meanwhile, the advent of quantum computing poses a looming threat to traditional encryption methods, compelling organisations to prepare for a transition to post-quantum cryptographic standards.

The increasing use of effective zero-day exploits means that we need to stay on top of patching and monitoring, which itself will occur at a faster pace. CISOs must get smarter with protective monitoring so that they can identify suspicious system behaviour as early as possible. They should also make better use of AI and machine learning tools as they develop.

As all these threats increase, security teams will have to prioritise operational resilience so they can respond to natural disasters, geopolitical instability, and supply chain disruptions that can compromise infrastructure and data availability. The growing reliance on third-party vendors and services heightens the risk of supply chain attacks, exposing organisations to vulnerabilities that lie beyond their direct control. Ensuring rapid recovery and effective business continuity will increasingly become central to security strategies.

Many of these threats are not new, but their number and impact are growing, and it is clear that the task of the CIO is only going to get harder in the next five years.
