While offering yet-to-be-fully realised opportunities for innovation and efficiency, AI and quantum computing also present significant challenges to cybersecurity professionals and their industries.
Today, AI is used on both sides of the cybersecurity aisle. Quantum computing threatens to render current encryption methods obsolete, necessitating a rapid transition to quantum-safe algorithms.
The urgency of AI and quantum literacy
Chief Information Security Officers (CISOs) in Asia must prioritise building AI and quantum literacy within their teams to navigate this evolving threat landscape effectively. While in-depth technical knowledge is not necessarily required for everyone, a solid foundation in understanding the potential of these technologies is vital.
The head of systems integration at Ensign InfoSecurity, Paul Tan, emphasises that "a strong foundation in understanding the potential of these technologies is vital for achieving the best outcomes." He cautions against viewing AI as a "one-size-fits-all solution," advocating instead for its use to maximise operational effectiveness.
Regarding quantum computing, Tan stresses the importance of "proactive planning and sufficient knowledge to understand the consequences of quantum cryptography in systems, as it extends beyond encrypted data to core security infrastructure." Staying ahead requires a commitment to continuous learning and adaptation.
AI: A double-edged sword
AI is a double-edged sword in cybersecurity. On the one hand, it offers powerful tools for defenders, levelling the playing field against attackers. Security teams can leverage AI to monitor network behaviour, enhance threat detection, and streamline incident response. AI can also automate tasks like threat triage by comparing threats against intelligence feeds and recommending response strategies.
However, AI is not without its limitations. Tan posits that "full automation in AI remains a work-in-progress due to limitations in action points." Moreover, attackers increasingly exploit AI for malicious purposes, including deepfake scams, phishing attacks, and creating polymorphic malware that can evade traditional defences.
Organisations must invest in advanced, AI-powered security solutions that proactively counter evolving adversarial tactics," recommends Tan.
Ensuring robustness and resilience of AI defences
One key challenge in leveraging AI for cybersecurity is ensuring the robustness and resilience of AI-driven security systems against adversarial attacks, such as data poisoning. Data poisoning involves injecting malicious data into an AI model's training set, causing it to make incorrect predictions or take undesirable actions.
To mitigate this risk, CISOs should prioritise data integrity within their organisations by sanitising the data points used to train AI models.
"CSOs should prioritise data integrity within organisations by sanitising the data points where AI models have been instructed and distributed while ensuring AI models are trained on informed decision-making to remain effective." Paul Tan
He also emphasises that "AI should not replace traditional cybersecurity measures but should complement them."
Transitioning to quantum-safe cryptography
The advent of quantum computing poses a fundamental threat to current encryption methods. Designed for computing needs outside of general-purpose applications, Quantum computers, with their ability to perform complex calculations far beyond the reach of classical computers, could break many cryptographic algorithms that currently protect sensitive data. This necessitates a transition to quantum-safe cryptographic (PQC) algorithms.
The timeline for this transition will vary depending on the organisation's ecosystem and the availability of resources. Tan recommends that "the most critical first step is to classify data by recognising what is genuinely sensitive and what is not to ensure long-term protection using post-quantum cryptographic (PQC) algorithms is guaranteed."
Organisations should protect and secure backups and storage while following standards set by organisations like the National Institute of Standards and Technology (NIST). Local initiatives, such as those launched by Singtel and IMDA in Singapore, can also provide valuable guidance and support.
The "Harvest Now, Decrypt Later" threat
The threat of "harvest now, decrypt later" is a significant concern in the age of quantum computing. This scenario involves malicious actors collecting encrypted data today to decrypt it in the future when quantum computers become powerful enough to break current encryption algorithms.
Organisations must proactively transition to PQC standards to protect their data and address this threat, even as quantum computing becomes more advanced and accessible. Tan explains, "What organisations can do is shift their focus and transition to PQC standards to protect their data, even while quantum computing becomes more advanced and accessible."
Managing expectations and ensuring compliance
CEOs' and business unit leaders' high expectations for AI and quantum computing can also impact the CISO's role. CISOs must manage these expectations while integrating these technologies into operations and ensuring regulatory compliance.
AI and quantum computing create more sophisticated attack vectors, increasing business risks. CISOs must lead cultural shifts towards quantum resilience, translating cyber risks into business impacts for the C-suite. At the operational level, they must guide AI adoption, ensure AI defends against AI, and protect encryption against quantum threats.
CISOs must also stay on top of emerging regulations, investing in upskilling teams on AI security and quantum risk mitigation. Their role is to prepare the organisation for future challenges, balancing innovation with security to ensure long-term resilience.
Advice for CISOs in 2025
CISOs in 2025 face a complex and rapidly evolving cybersecurity landscape. To succeed, they must embrace AI and quantum computing while remaining vigilant about the risks they pose.
Tan offers the following advice for CISOs: "CSOs are not alone in the struggle amidst emerging technologies; acknowledging the power to leverage these developments is mandatory." He emphasises the importance of embracing these advancements, as adversaries are already utilising these platforms.
However, CISOs must also be able to discern between genuine solutions and hype. They need to identify the best and most operationally effective solutions based on their specific environment, despite the many security products claiming to provide the best solutions available.
Click on the PodChat player to listen to Tan's view on how AI and quantum computing are redefining the cybersecurity landscape and the profession.
- Given that AI and quantum computing are rapidly reshaping the cybersecurity landscape, what immediate steps should CISOs in Asia take to ensure their teams possess the necessary AI and quantum literacy to navigate this evolving threat environment?
- In what ways are you observing AI being leveraged by both cybersecurity defenders and malicious actors, and what proactive measures can CISOs implement to stay ahead of these dual-use applications?
- Considering the potential vulnerabilities of AI-driven security systems to adversarial attacks like data poisoning, what strategies can CISOs employ to ensure the robustness and resilience of their AI defences?
- As quantum computing threatens to render current encryption methods obsolete, what is your recommended timeline for organisations to transition to quantum-safe cryptographic algorithms, and what are the key challenges in implementing these systems?
- With the advent of quantum computing, how should organisations reassess their strategies for protecting sensitive data against "harvest now, decrypt later" attacks, and what role does post-quantum cryptography play in this? Hybrid cryptography
- How do CEOs' and business unit leaders' high expectations for AI and Quantum computing impact the CISO's role in managing expectations, integrating these technologies into operations, and ensuring regulatory compliance?
- Let's recap: given what we know about AI and PQC, what is your advice for CISOs in 2025?