Quantum safe on the compass shooter for changes
3 minutes
The turn of October and November traditionally belongs to a meeting of internal auditors, this year unusually in autumn in the form of a workshop, primarily intended for internal audit representatives from public administration.
Internal auditors and auditors of many state organizations and many private entities met on 22-23 October in the statutory town of the Olomouc Region, Přerov.
Workshop of the Czech Institute of Internal Auditors(CIIA) entitled Compass for changes in internal audit, had as always a primarily educational main line. The leitmotif this year, compared to the previous months and the topic of global standards, was the topic of financial auditing and the new financial law, but also cybersecurity, which is increasingly mentioned among auditors.
What is the quantum threat?
ČIIA conferences have long had a high professional level - and since we ourselves have long been involved in the field of audit not only as a supplier of a number of IT solutions, but also as consultants in information technology, we did not miss the workshop as partners this year.
The second day of the conference included a session led by Mr. Lumír Srch, CEO of ITS, who spoke about the issue of quantum computers, related post-quantum encryption, but above all about what it will mean in the future not only in terms of auditing, but also in his personal life. Because when we talk about the sensitivity of data, we should not forget that the most sensitive data is often our personal data.
As has been said, although it may seem that "Quantum safe" is not a topic for auditors, the opposite is true. As it was mentioned in the paper, this issue goes far beyond IT, it concerns management, strategic planning, it is much more complex. The auditor is an equally important part of the whole system.
The question is not if, but when
Part of the input included a look at the current situation, the ever-shrinking forecasts Q-day, terms like Harvest now, decrypt later to the formal framework where European institutions like ENISA or local National Cyber and Information Security Authority are recommending a move to quantum-resistant algorithms by 2027.
In view of the newly valid Cybersecurity Act, where attention is focused massively on the NIS2 directive, we are glad that we have highlighted this whole topic - because as has been said many times, it is very complex and for larger organisations the remediation process is estimated to take several years. So at the very least, it is a good place to start the discussion.
Finally - what you can start today
Of course, debates around the post-quantum will not in themselves protect anyone. Steps can already be taken now to help you on your path to crypto-agility. Feel free to ask us.
We thank the CIIA for the great and meaningful cooperation and look forward to seeing you again in the spring or at one of the CIIA seminars.
What else to read
See more news from the world of IT and ITS
