Cyber space with cross bones

The advances in technology over the past couple of decades have greatly impacted the fire service, helping to keep firefighters safer, better prepared, and able to do their jobs more efficiently. But as we all know, technology use comes with risks of cyberattacks. According to a Clark School study at the University of Maryland, there is a hacker attack every 39 seconds on average, and the 2019 Global State of SMB Cybersecurity report says that 76% of U.S. businesses have experienced a web-based attack in the previous year. On top of that, the current COVID-19 pandemic has had an impact on cybersecurity, as the FBI has reported a massive 300% increase in cybercrimes since the beginning of the pandemic.[1]

When it comes to cyberattacks, it’s not just individuals and for-profit businesses that are targets. Healthcare and government agencies, including fire departments, are also at risk. These attacks can hijack your fire agency’s technological systems and jeopardize the ability of you to protect property and lives. Fire departments can be treasure-troves of sensitive information and can make an easy target for cybercriminals if the security remains weak. With so much at stake, it has become vital for fire departments to make it a priority to educate themselves on cybersecurity and best practices before a breach happens, instead of learning these lessons the hard way.

In this blog post, we’ll discuss the most common types of cyberattacks a fire department could be vulnerable to, and the steps you can take to protect your agency.

Ransomware

There are several types of security breaches that can occur, including phishing, ransomware, viruses, and trojans. One of the most common and profitable for hackers is ransomware, which works by encrypting a victim’s hard drive, denying them access to key files, and demanding a ransom to decrypt the files and give access back to the user. A couple of years ago, municipal systems in Atlanta, GA were attacked, causing widespread outages that halted many city services and it’s estimated that the city ended up spending at least $2.7 million on emergency efforts to respond to the attack [2]. This year, the City of Knoxville was hit with a ransomware attack, forcing a shutdown of the system [3]. The global costs of ransomware this year is estimated at $20 billion [4].

Phishing

Another common type of cybercrime is phishing. Phishing scammers use email or text messages to trick you into giving them your personal information. They try to steal sensitive information like passwords, account numbers, or Social Security numbers. Phishing emails often appear to come from a company or person you know and trust. Scammers often create messages similar to what a bank, credit card company, social networking site, or online payment website/app would send. When targeting your fire department, they may send emails that appear to come from mutual aid agencies, non-profit organizations, or the federal government [5].

IoT Attacks

An IoT (internet of things) device is any device that has the ability to transfer data over a network without requiring human-to-human or human-to-computer contact (e.g., smartwatches, refrigerators, fitness trackers, doorbells, etc.). In a fire department, IoT devices could include things like thermal cameras, alarms, smart sprinklers, personal safety devices, and more. These devices can be hacked in as little as five minutes by cyber attackers and if not properly protected, could leak sensitive information. IoT attacks are a growing threat, as the increase in IoT devices surges at a rapid pace, due in part to the introduction of 5G [6].


Tips for Protecting Your Fire Department

If you would like even more tips or want to read up on other cybersecurity risks, we recommend downloading this helpful guide from the American Military University.