This week, leaders around the world gathered together for the NATO Summit in Brussels to make decisions on a variety of topics to address the security challenges of today and tomorrow.
The most damaging cyberthreats that hit enterprises in 2020 were social engineering attacks, ransomware, DDoS attacks and vulnerabilities from third party software. In the first half of 2021, we’ve seen some of the largest organizations including Pulse Secure, SolarWinds, SonicWALL, and Fortinet make headline news about cybersecurity incidents. Unpatched vulnerabilities in products from these companies have left organizations exposed and actively exploited.
In April, NATO posted “Cyber threats to the security of the Alliance are becoming more frequent, complex, destructive and coercive. NATO will continue to adapt to the evolving cyber threat landscape. NATO and its Allies rely on strong and resilient cyber defences to fulfil the Alliance’s core tasks of collective defence, crisis management and cooperative security. The Alliance needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats and attacks it faces.”
The leaders that gathered this week agreed “that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack.” This is agreement that could result in the call for the organization’s clause, Article 5.
Article 5 is a commitment clause that commits each member state to consider an armed attack against one member state, in Europe or North America, to be an armed attack against them all.
As reported by The Hill, the United States and other North Atlantic Treaty Organization nations endorsed a new cyber defense policy Monday as part of the NATO summit in Brussels.
NATO released the Brussels Summit Communique which said, “Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law.”
According to Jim Gogolinski, vice president of research and intelligence at iboss, “The recent communique from NATO is a stark reminder of the grave consequences that can arise from offensive cyber operations. These operations range from disinformation and smearing campaigns that can adversely impact the democratic processes of NATO members, through attacks that may, even inadvertently, damage critical infrastructure, to attacks directly targeting military personnel and infrastructure.”
In the event of a cyberattack, NATO members may invoke article 5, which would equate the cyber operation with an actual armed attack against the same institution. Cyber operations add an additional dimension to the arsenals of all nation-states. Like any other weapon at their disposal, nation-states must fully understand the risks and ramifications of any cyber-operations and accept that there may be cyber and/or kinetic responses to any proven attack that impacts national security.
As cyberthreats continue to grow in size and scale, organizations of all sizes and in all industries across the globe must ensure they are taking extensive efforts to improve their cybersecurity postures.
If you are considering a migration to SASE, check out our ebook in which we outline 5 steps for a successful migration.
Download iboss’s whitepaper, TIC 3.0: Modernizing Federal Security Architectures and Moving Toward Zero Trust.