
What Is Harvest Now, Decrypt Later — And Why It Should Terrify Your Security Team


Picture a deal team negotiating a major acquisition. Calls between executives and counsel flying back and forth on mobile devices. Every message encrypted. Every call secured — or so the security stack indicates.

Now picture an adversary who has already copied every one of those communications. They can't read them yet. But they don't need to. They're waiting.

This is not a hypothetical attack. It has a name, a confirmed body of evidence, and nation-state actors already running it at scale. It's called Harvest Now, Decrypt Later — HNDL — and understanding it should change how your security team thinks about mobile communications today.


The Attack Doesn't Need a Quantum Computer. Just Patience.

HNDL is straightforward in concept and deeply threatening in practice.

An adversary intercepts encrypted communications and stores them. The data is unreadable now. But when quantum computing matures to the point where it can break today's encryption standards — and it will — the attacker runs the decryption process and accesses years of stored communications in bulk.

Think of it like a thief who can't crack a safe on site. So instead of leaving empty-handed, they take the entire safe. They'll open it later, when they have the right tools.

For the organization whose data was taken, there is no warning. No breach notification. No alert. The communications were captured silently, in transit, and the organization may never know — until the decrypted intelligence surfaces somewhere it shouldn't.

The attack requires no quantum capability today. Just collection infrastructure and storage. Both are well within the reach of nation-state intelligence programs.


This Isn't Theoretical. Here's the Evidence.

In late 2024, the U.S. government confirmed that Salt Typhoon — a Chinese state-sponsored hacking group — had infiltrated at least nine major U.S. telecommunications providers, including AT&T, Verizon, and Lumen Technologies. FBI Director Christopher Wray described it as the most significant cyber espionage campaign in history.

The attackers maintained undetected access for an estimated one to two years. Their goal was not ransomware or financial theft. It was intelligence collection — the patient, long-term accumulation of sensitive communications data. Call records. Metadata. In some cases, the actual content of calls and messages targeting senior government officials.

That is HNDL in practice, executed at national scale, by a confirmed actor, against infrastructure most organizations assumed was secure.

The U.S. government's own position on this is unambiguous. CISA, NSA, and NIST issued a joint advisory in 2023 explicitly warning that adversaries could be targeting data today that would still require protection in the future. This is not analyst speculation. It is official policy.

And the awareness gap remains striking. Bain & Company research found that roughly 71% of business executives expect quantum-enabled cyberattacks within five years — yet only 9% of technology leaders report having a roadmap in place to address it.

Adversaries are not waiting for that 9% to catch up.


Why Your Current Encryption Doesn't Save You

RSA and elliptic curve cryptography — the standards protecting most digital communications today — work on a principle of mathematical asymmetry. Easy to lock. Functionally impossible to unlock without the key, using any computer that currently exists.

The operative phrase is "currently exists."

In 1994, mathematician Peter Shor demonstrated that a sufficiently powerful quantum computer could break this class of encryption exponentially faster than any classical machine. The NSA, CISA, and NIST have all confirmed publicly that current encryption standards will be broken by a capable quantum computer. This is the official technical assessment of the U.S. government's top cryptographic agencies — not a vendor claim.

HNDL exploits the gap between now and then. The data is collected before the decryption capability exists. When the capability arrives, the collection is already done. There is no second chance to protect communications that have already been captured.

In August 2024, NIST formalized this reality by publishing the first post-quantum cryptographic standards. When a standards body that moves on decade-long timelines finalizes an emergency migration framework, the threat assessment behind it is worth taking seriously.


Mobile Is the Highest-Risk Surface — And the Least Protected

Enterprise security investment has historically gone to endpoints, networks, and data centers. Mobile devices — where executives, legal teams, deal teams, and field personnel conduct their most sensitive conversations — have received far less attention.

That gap is now a critical liability.

Here is what most organizations don't realize about mobile security: encrypting the content of a message is not the same as protecting the communication. Every piece of data a phone sends travels through a network layer before it reaches its destination. That layer doesn't see message content. But it sees everything else — source and destination addresses, connection timing, traffic volume, who is communicating with whom and how often.

Intelligence professionals call this pattern-of-life analysis. Collected over time, metadata reveals business relationships, negotiation timelines, organizational structure, and decision-making patterns — without decrypting a single message.

Standard enterprise mobile security tools protect the device itself. Mobile device management, endpoint protection, app-level encryption — none of these address what the device transmits across the network. That traffic, carrying metadata and behavioral signatures, travels largely unprotected.

Traditional VPNs help, but they don't solve the problem. A VPN hides the content. It doesn't hide the pattern — and a consistent VPN endpoint creates its own recognizable, trackable signature.

Combined with HNDL, the mobile gap becomes urgent. Network-layer mobile traffic captured today, stored, and held for future quantum decryption represents years of executive communications, legal deliberations, and deal strategy that may become fully readable before the decade is out.


What to Do About It Before the Window Closes

Post-quantum mobile security is not a rip-and-replace infrastructure project. But it is a deliberate decision that has to be made before a cryptographically relevant quantum computer (CRQC) arrives, not after.

Three places to start:

Audit who carries the real risk. Not every employee represents the same exposure. The highest-priority populations are those whose communications carry strategic value over a multi-year horizon: C-suite, legal teams, deal teams, government liaisons, and field executives with access to proprietary intelligence.

Assess whether your current tools cover the network layer. Ask your security team directly: does our mobile security solution address the metadata, connection patterns, and traffic behavior that travel between the device and the internet? App-level encryption does not. A VPN partially does. A purpose-built network-layer solution with post-quantum encryption is what the threat environment requires.

Move high-risk users first. A tiered deployment is practical. Prioritize the populations whose communications carry the most long-term strategic value. Procurement cycles, security vetting, and enterprise deployment take time — organizations that wait until quantum computing is impossible to ignore will not be able to protect communications already captured in the years before they acted.

The data being collected from your executives' mobile devices today is the data adversaries intend to decrypt tomorrow. The window to protect it is open. It will not stay open indefinitely.


Want the full picture? Our in-depth brief covers the quantum threat, the mobile security gap, and what genuine post-quantum protection looks like in practice — including the specific NIST standards that separate credible solutions from marketing claims.
