No Wi-Fi at the NATO summit – a lesson for every entrepreneur

Tomorrow is the day: the NATO summit will take place in The Hague. To strengthen cybersecurity, special measures are being taken, such as laying no less than 30,000 meters of cables for communication, Wi-Fi is being deliberately avoided. But why is this necessary? And should entrepreneurs be alert when using Wi-Fi networks anyway? We asked cybersecurity expert Patrick Jordens.

Do you think this NATO summit could be a target for cybercriminals?

“Absolutely. With events like this, it's usually not a question of whether there will be an attack, but how many parties will try to break in at the same time. The threat can come from all directions: state actors, hacktivists, or other groups with political or ideological motives. We even have to take into account that these are organized groups, for example from Russia, who carry out advanced hacks and are paid to do so."

Let's zoom in on some of the cybersecurity measures that are being taken. For example, there will be no Wi-Fi during the summit. Why not?

"In theory, anyone in the vicinity of a Wi-Fi network can eavesdrop or try to break in. Even with strong encryption, you are never completely safe. One misconfigured access point can be enough.

Incidentally, all Dutch organizations and companies can learn a lesson from this. Quickly sending annual accounts via the public Wi-Fi of a coffee shop is something we still do far too often. NATO takes no risks when it comes to Wi-Fi, and entrepreneurs shouldn't either."

The National Cyber Security Center warns of an increased risk of sabotage, espionage, and political influence in the run-up to the NATO summit. They say that all Dutch organizations in general should conduct penetration tests. What does that entail?

"When you do penetration testing, you are essentially testing yourself for leaks. You let someone, often an ethical hacker, look at your systems, your networks, your applications, and actively search for weaknesses. It's a kind of proactive vulnerability scan. It's important to do this regularly.

What kind of vulnerabilities can you discover? Think of misconfigurations, security settings that are not enabled, or software that is not up to date. Manufacturers don't release updates for nothing: they often fix known vulnerabilities. If you don't install those updates, you're leaving the front door open."

Do you have a message for Dutch companies and organizations?

Around a NATO summit, there is always increased attention to cybersecurity, but organizations should actually be alert all year round. What I often see is underestimation. Like, “Oh, I'm not an interesting target, am I?” But that's not true. Even a large tomato grower contributes to our food supply—and if a company like that is shut down, it has an impact. If your company depends on the internet or IoT, cybersecurity is no longer a luxury. It's your core business. So make sure you're well prepared."