May 14, 2021 •
You might already be thinking, “radio stations, really?’ Surely banks or multi-national corporations like Amazon or even accounting firms would be more of a target for cyber attacks than a station playing tunes and sharing the latest news.
But cyber attackers see little difference between a financial firm and a media company when both have access to private data. In fact, they may be even more motivated to hack into a radio station due to the enticing appeal of forcing a dreaded “dead air” event, or broadcasting something that decimates listener trust.
And this isn’t just a hypothetical situation to be aware of for future reference. Radio stations have been hacked before and the numbers of incidents are continuing to rise.
Cyber attacks against radio stations look very similar to hacks of other companies. Often an employee clicks on a malicious phishing link or downloads free software onto the network. But that’s not all. According to Security Intelligence, the most common threats for media companies are distributed denial-of-service (DDoS) where a network or trafficked website is overloaded, SQL injections, Domain Name System (DNS) attacks, pirating, or trojan horse attacks. And the result of these attacks could be catastrophic.
Take the case of NPR- and PBS-affiliated station KQED in San Francisco, which suffered a debilitating ransomware attack in 2017. “What was it like? Think of a really boring episode of ‘The Twilight Zone’—or better yet, ‘Black Mirror’, the publication wrote in the aftermath.
Countless audio interviews were lost and everything connected to the network at KQED was down, forcing IT staff to write directions on pieces of paper taped to employees’ desks. It took months for the station’s IT to get its network back on track. “Worst stress of my life,” said the station’s head of IT, John Reilly.
Similarly, hackers managed to get into the network at WZZY in Indiana and broadcast an Emergency Alert System that alerted the public of a zombie attack, and several stations were hacked to play YG & Nipsey Hussle’s track “FDT (F* Donald Trump)” following the election of the former president.
“It’s not if you will be breached; it’s when,” said Kelly T. Williams, the senior director of engineering and technology at the National Association of Broadcasters, to Radio World. “So be ready.”
KQED estimated it would spend nearly half a million dollars on increased cybersecurity to protect against future threats, not to mention the countless hours of productivity loss. And they’re the lucky ones.
“For smaller organisations, a cyber attack could potentially compromise and bankrupt the business altogether,” said Scott Borg, the director and chief economist of the US Cyber Consequences Unit, to IBC.
Unless you’re going to lock your computer turned off and in a cage, you can’t guarantee with 100% certainty that you won’t experience a cyber attack — but there are ways to mitigate the risks.
Training employees to not click on malicious links or download suspicious software on work computers or when connected to the network (as was the case with KQED) are good places to start. As is consistently backing up your data and storing it off-site and offline. But a simple way to protect your station today is with a quick and easy-to-use system for 2-Factor Authentication (2FA).
Get started with a 15-day free-trial now.