Think your sensitive data is safe until quantum arrives? It's not.
Threat actors don't need quantum computers to crack your business data — just your delay in defending it.
Jun 16, 2025 • 5 Minute Read

Today’s organizations handle highly sensitive data—financials, private records, trade secrets. In the wrong hands, that data can be catastrophic. That’s why we encrypt it—to render it useless even to the most advanced computers of today.
But what about tomorrow’s computers? What if someone tries to crack it with a computer from the year 2030?
“That sounds like science fiction,” you might say. “They’d need a time machine.”
No Tardis required. All they need to do is collect your data today and wait for quantum to arrive. It's called Harvest Now, Decrypt Later (HNDL)—an attack that counts on your organization leaving today's encrypted data vulnerable, so it can be broken tomorrow.
In this article, I’ll explain why HNDL is a real and present threat to your organization, what’s at stake if you ignore it, and how you can defend against it.
What is HNDL?
Harvest Now, Decrypt Later (HNDL) is a simple but powerful technique: attackers steal your data in the present, knowing that advancements in computing will allow them to easily crack it in the near future. These can include breakthroughs in quantum computing or any other strides in decryption technology. For bad actors, it’s a long-term play with a potentially significant payoff.
HNDL is not just theory, but a tried-and-tested technique, according to Whitfield Diffie, pioneer of public-key cryptography and Turing award winner. In fact, HNDL was used during and after WWII by US intelligence to decrypt Soviet messages.
What the intelligence community would call (HNDL) is at the heart of signals intelligence. There are vast tape libraries at NSA and similar organizations running back decades... If you can imagine someone in 1945 designing a crypto system meant to resist attack now, that's the problem you face. ~ Whitfield Diffie
What sort of data is vulnerable to HNDL?
Anything that has long-term sensitivity. These can include, but are not limited to:
- Government and military communications: Classified documents, diplomatic cables, intelligence reports, anything with decades-long confidentiality requirements.
- Healthcare records: Patient medical histories, genetic information, mental health records.
- Financial data: Wealth disclosures, offshore accounts, investment strategies, some tax documents.
- Intellectual property: Trade secrets, source code, formulas, and R&D pipelines.
- Legal records and contracts: Attorney-client communications, NDAs, settlement agreements, and long-term legal obligations.
- Corporate or industrial secrets: Strategic plans, internal audits, compliance reports.
- Personal communications: While random emails, photos, and messages may not matter, they may be long-term sensitive for political figures, CEOs, and other individuals.
According to Dr. Raluca Ada Popa, who leads frontier security research at Google DeepMind, anyone who has long-term sensitive information should be taking action now.
I think a lot of industry practitioners believe that because we haven’t broken the (existing encryption) schemes yet scalably, we shouldn’t worry now. But that’s not actually true because hackers can do HNDL. ~ Raluca Ada Popa
It is worth noting that using quantum attacks to break encrypted data will initially be expensive, and so the data will have to be of sufficient value to the attacker.
Are there signs that HNDL is happening now?
Yes. Data theft—the first step in HNDL—is on the rise. In 2023, the number of data compromises shot up by 78%, and the market for data theft is expected to double in size by 2030. 91% of ransomware attacks now involve data theft, but only 57% of victims are notified.
Since the second step in HNDL involves decrypting this stolen data with a quantum computer that doesn’t exist yet, there’s no hard evidence of these attacks taking place. However, once this starts to happen, it will already be too late to prevent it.
In 2015, Dr. Michele Mosca, a quantum computing researcher at the University of Waterloo, estimated that there was a 1/7 chance that 2048-bit RSA would be vulnerable by 2026 and a 50% chance it would be vulnerable by 2031. Ten years later, Dr. Mosca now says we are already at a point where quantum hardware is surpassing classical hardware tasks.
It's very risky to assume it (the most secure encryption codes being compromised) won't happen. ~ Michele Mosca
Is there a way to protect my data from HNDL?
Yes, using post-quantum cryptography (PQC). NIST has released new encryption algorithms you can use to protect your business data against both traditional and future quantum attacks. By phasing out your old encryption methods and switching to PQC, you can protect yourself from HNDL. NIST recommends organizations deprecate their old encryption methods between now and 2030.
To learn more, I'd check out Brandon DeVault's course “Security Engineering: Automation for CompTIA SecurityX.” It has a dedicated section on teaching experts to implement post-quantum cryptography.
Below is a recommended timeline for transitioning to PQC according to Gartner's specialist in Quantum Computing and PQC, Mark Horvath.
By 2029, advances in quantum computing will make asymmetric cryptography unsafe and by 2034 fully breakable. HNDL attacks may already exist. To resist attacks from both classical and quantum computers, organizations must transition to post-quantum cryptography (PQC). ~ Mark Horvath
How should my organization protect itself from HNDL?
1. Study up on post-quantum cryptography
Learn what you can about PQC and the algorithms currently available, as well as their strengths and weaknesses. This will help you start off strong, since you’ll be coming from an informed place.
2. Take stock of your current inventory
Make a list of all your systems, applications, and devices that use encryption methods that will be susceptible to quantum attacks (e.g., public-key cryptography, AES-128). You’ll need a solid understanding of where it’s used before you can plan any changes.
3. Understand what you’re protecting
Take a look at the data that’s currently secured with at-risk crypto. How sensitive or valuable is it? This will help you figure out what needs to be prioritized.
4. Build a transition plan to PQC
Moving to PQC doesn’t happen overnight. Put together a plan that includes testing the new algorithms, rolling them out carefully, and retiring the old ones when you’re ready.
5. Bring your partners into the loop
PQC affects more than just your internal systems—your vendors and partners matter too. Make sure you’re aligned with them early on, especially on what your requirements for them are.
6. Keep your teams informed and prepared
Not everyone needs to be a cryptography expert, but key teams should understand what PQC is and why it matters. Offer clear guidance, updates, and training as needed.
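Steps 2 and 3 can be combined into a simple triage pass over a cryptographic inventory. The script below is an added example, not from the original article: the field names, priority labels, algorithm sets and sample inventory are assumptions, and the two years come from the Mark Horvath quote above.

```python
from dataclasses import dataclass

# Years taken from the Mark Horvath quote in this article.
UNSAFE_YEAR = 2029   # asymmetric cryptography "unsafe"
BROKEN_YEAR = 2034   # asymmetric cryptography "fully breakable"

# Assumed classification: the at-risk set follows the article's examples
# (public-key cryptography, AES-128); the PQC names are NIST's standards.
AT_RISK = {"RSA", "DH", "ECDH", "ECDSA", "DSA", "AES-128"}
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}

@dataclass
class Asset:
    name: str
    algorithm: str
    purpose: str        # "confidentiality" or "signature"
    secret_until: int   # last year the protected data must stay confidential

def triage(asset: Asset) -> str:
    algo = asset.algorithm.upper()
    if algo in PQC:
        return "ok"
    if algo not in AT_RISK:
        return "review"      # unknown algorithm: needs a human decision
    # HNDL targets stored ciphertext. Signature keys only need replacing
    # before the algorithm becomes unsafe, so they rank as "planned".
    if asset.purpose != "confidentiality":
        return "planned"
    if asset.secret_until >= BROKEN_YEAR:
        return "critical"    # data harvested today is still sensitive then
    if asset.secret_until >= UNSAFE_YEAR:
        return "high"
    return "planned"         # data expires before the quoted risk window

def build_plan(inventory):
    order = {"critical": 0, "high": 1, "review": 2, "planned": 3, "ok": 4}
    rows = [(triage(a), a.name, a.algorithm) for a in inventory]
    return sorted(rows, key=lambda r: (order[r[0]], r[1]))

# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("patient-records-backup", "RSA", "confidentiality", 2060),
    Asset("vpn-gateway", "ECDH", "confidentiality", 2031),
    Asset("build-signing", "ECDSA", "signature", 2026),
    Asset("session-cache", "AES-128", "confidentiality", 2026),
    Asset("new-api-tls", "ML-KEM", "confidentiality", 2040),
]

if __name__ == "__main__":
    for priority, name, algorithm in build_plan(INVENTORY):
        print(f"{priority:9} {name:24} {algorithm}")
```

The sorted output puts long-lived confidential data behind at-risk algorithms at the top of the transition plan in step 4.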
Does switching to PQC cost money?
Yes. As anyone in IT knows, switching from legacy systems to something new costs a lot of money. Old systems may have cryptographic algorithms embedded directly into hardware or firmware, which makes them expensive and tricky to update. However, the cost of not updating to PQC and being unprepared for quantum attacks would be monumentally higher.
If you wait to implement PQC until quantum attacks are happening—for argument’s sake, in 2028 or 2030—then you will need to migrate at an incredibly fast rate. This will be very expensive and more prone to complications.
This approach will also do nothing to protect you against HNDL attacks or any quantum-powered data breaches that serve as a wake-up call. That cost, both fiscal and reputation-wise, will depend on the value of your sensitive data.
Conclusion
HNDL can feel like just one more threat in an already overwhelming list for organizations to defend against. But while the idea of replacing all your existing cryptographic methods with PQC might seem daunting, planning and budgeting for the shift in the present will save you a lot of pain in the future.
It also keeps your long-term data safe. Remember, 2030 is not all that far away, and all bad actors have to do is steal your encrypted data now—and hope you haven't implemented PQC to protect it.