Quantum can wait: Why CISOs should focus on today's preventable cyber risks
Date:
Tue, 28 Apr 2026 10:30:18 +0000
Description:
The criminals of today are still exploiting basic security failures.
FULL STORY ======================================================================
The cybersecurity industry has long grappled with how to prepare for threats on the horizon, and few have seized attention as firmly as quantum computing. The potential for quantum tech to unpick today's toughest encryption has inspired a raft of reports and advisory notes.
Official guidance from bodies like the NCSC has pushed quantum even higher up the agenda and, as a result, CISOs are increasingly being asked the same question: are we ready for a quantum future?
Jon Abbott, CEO and Co-founder at ThreatAware.
It is a fair question, because quantum computing will, eventually, force a fundamental shift in how we protect sensitive data. But "eventually" is the key word. Most credible estimates place that moment in the early to mid-2030s.
While quantum is an attention-grabbing threat, it's also the latest in an ongoing trend in which we're in danger of overlooking today's security fundamentals in favor of focusing on tomorrow's threats.
It's true that we can't afford to ignore futuristic threats entirely; however, this can't distract from the very real, very preventable breaches happening right now.
After all, almost any major cyber attack over the past decade shared one thing in common: somewhere along the attack chain, there was a gap in basic cyber hygiene.

Separating genuine threat from shiny distraction

Quantum computing is a serious long-term consideration. And on the surface, a meeting about theoretical quantum threats could certainly feel more engaging than one that covers more routine issues like improving EDR deployments and MFA usage.
The cybersecurity industry, and the wider tech industry in general, always has to have an eye on the next big thing. Big data dominated the agenda a few years ago, for example; AI has now taken center stage and quantum is on the horizon.
Anticipating what's next is important, but it can't overshadow the challenges organizations are dealing with right now.
Strategic maturity is not about reacting to the headlines; it is about sequencing risk proportionately.
Before debating how to defend against a machine that does not yet exist at scale, organizations should ask a simpler question: are we confident that we have closed the doors attackers are walking through every day?

Today's criminals are exploiting basic security failures

While impending threats shouldn't be ignored entirely, most companies shouldn't be focusing on them over the rest of their security priorities. For example, more than 97% of identity attacks in 2025 were password-based, and identity-driven attacks surged in the first half of the year.
The average threat actor is carrying out successful attacks by exploiting weak credentials, missing patches and routine configuration failures. They will simply look for the open doors that provide the route in, be it weak MFA enforcement, a lack of EDR or slow patching processes.
Likewise, social engineering remains highly effective because it works, and it will be a long time before smashing encryption with a supercomputer is more cost-effective than manipulating a helpdesk into resetting a password.
Poor cyber hygiene is immediate, measurable and actively being exploited, so closing these gaps today must take precedence.

The illusion of security and why fundamentals still fail

So, if these threats are so familiar, why do they continue to succeed?
The biggest issue is that many organizations still don't have clarity over how secure their environments actually are. Security dashboards may report high coverage for endpoint detection or multi-factor authentication, yet few teams can state with confidence how many devices or identities should be protected in the first place.
"You can't secure what you can't see" is a well-worn phrase in the security industry, but it's still painfully relevant.
For example, when we assess IT environments for the first time, it's common to see endpoint agents marked as active even though they have silently failed. Patches are delayed due to another operational priority, and access exceptions are granted to senior staff for convenience.
These small compromises accumulate into systemic exposure.
The result is a dangerous illusion of security: an estate that appears well-controlled on paper but contains unmanaged devices, dormant accounts, and misconfigurations beneath the surface.

Where CISOs should focus instead

If security leaders want to reduce real-world risk, the starting point is not speculative post-quantum cryptography, but the disciplined execution of the controls we already know prevent breaches.
The first priority is to make breach prevention measurable. Every
organization should be able to state, with evidence, whether MFA is enforced across all user accounts, whether endpoint detection is deployed on every in-scope device, and whether critical patches are applied within defined timeframes.
If you cannot measure it accurately, you cannot manage it effectively.
Second, eliminate blind spots. Asset inventories should reflect what devices are connected and accessing corporate systems on an ongoing basis, not what was recorded during the last audit, while controls must be validated as functioning, not merely installed.
A single unmanaged device or stale account can undermine millions of pounds spent on advanced tooling.
Finally, prevention needs to be elevated to board level. Boards should not only ask how quickly incidents are detected, but how consistently exposure is being reduced. Prevention performance should be reported with the same rigor as financial metrics.
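An added example, not part of the original article: one way to make the first two priorities measurable is to compute coverage against every device seen in any source rather than against the tool's own list, and to count an agent only if it has checked in recently. The hostnames, field names and seven-day threshold are assumptions, and the data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data; hostnames and field names are hypothetical.
NOW = datetime(2026, 4, 28)
EDR_AGENTS = {  # what the EDR console reports: every agent is "active"
    "lt-001": {"status": "active", "last_checkin": datetime(2026, 4, 27)},
    "lt-002": {"status": "active", "last_checkin": datetime(2026, 3, 1)},  # silently failed
    "lt-003": {"status": "active", "last_checkin": datetime(2026, 4, 28)},
    "srv-010": {"status": "active", "last_checkin": datetime(2026, 4, 26)},
}
MDM_DEVICES = {"lt-001", "lt-002", "lt-003", "lt-004"}
# Devices observed accessing corporate systems (e.g. from sign-in logs).
SIGNIN_DEVICES = {"lt-001", "lt-003", "lt-004", "byod-77", "srv-010"}


def coverage_report(edr, mdm, signins, now, max_silence=timedelta(days=7)):
    """Compare the dashboard's view of EDR coverage with a validated one."""
    # Denominator: every device seen in any source, not just the EDR's own list.
    in_scope = set(edr) | set(mdm) | set(signins)
    reported = {h for h, a in edr.items() if a["status"] == "active"}
    # An agent only counts if it has actually checked in recently.
    validated = {h for h in reported
                 if now - edr[h]["last_checkin"] <= max_silence}
    return {
        "dashboard_pct": round(100 * len(reported) / len(edr), 1),
        "validated_pct": round(100 * len(validated) / len(in_scope), 1),
        "silent_agents": sorted(reported - validated),
        "no_agent": sorted(in_scope - set(edr)),
        "not_in_mdm": sorted(in_scope - set(mdm)),
    }


if __name__ == "__main__":
    for key, value in coverage_report(
            EDR_AGENTS, MDM_DEVICES, SIGNIN_DEVICES, NOW).items():
        print(f"{key}: {value}")
```

On this sample the console's own figure is 100% while validated coverage of the reconciled estate is 50%, which is the gap the article describes.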
Only once these foundations are demonstrably in place does it make sense to devote significant attention to the next wave of cryptographic change.

Plan for the future but do not lose focus

None of this is an argument for ignoring future risks. Sensible preparation is essential, and there are multiple steps to take today.
Organizations should identify where cryptography is embedded across their systems, understand data retention timelines and monitor for guidance from standards bodies and government agencies.
Discovery and roadmap planning now will make the eventual migration far smoother, and these steps also boost security against current threats.
Security leadership is ultimately about proportionality. While there is concern about "harvest now, decrypt later" tactics from advanced actors preparing for quantum capabilities, they are still collecting data using the same familiar tactics.
It stands to reason; they are exploiting overlooked accounts, unprotected endpoints and basic process failures. The next wave of breaches in the months and years ahead is far more likely to stem from risks that were visible, measurable and preventable all along.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:
https://www.techradar.com/pro/perspectives-how-to-submit
======================================================================
Link to news story:
https://www.techradar.com/pro/quantum-can-wait-why-cisos-should-focus-on-todays-preventable-cyber-risks
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)