Security standards – Learning from a 120-year-old disaster

There are many parallels between cybersecurity and fire safety. We explore some of those parallels in other posts on this blog, and we’ve seen some other good posts on this topic: security controls vs. fireproof construction materials, phishing simulations vs. fire drills, among many others. I’d like to point to a couple of parallels that might be less obvious.

The Great Baltimore Fire is considered one of the worst urban fires in American history, alongside the Great Chicago Fire and the San Francisco Earthquake and Fire. The Baltimore Fire occurred on February 7 to February 8, 1904, devastating much of the city center. The fire destroyed over 1,500 buildings and caused an estimated $100 million in damages, which is around $3 billion in today’s dollars. It burned for about 30 hours, covering an area of approximately 140 acres.

Though the fire didn’t cause any direct casualties, it still burned a lot longer than it should have, and caused a lot more damage as a result. The fire departments of all the big east coast cities, from Washington DC to NYC, sent men and materiel to help the Baltimore Fire Department, but to no avail.

The fire’s spread was exacerbated by the lack of standardized firefighting equipment, as many out-of-town fire engines could not connect to Baltimore’s hydrants. The sizes of the hose couplings were different in every city in America. So the additional firefighters proved useless. 

The aftermath led to significant changes, including the adoption of a new building code emphasizing fireproof materials and the standardization of firefighting equipment across the United States. 

If only we learned our lessons as quickly today! Industry is riddled with major security incidents, costing the world economy over $10.5 trillion annually, a cost set to double in the next three years. With the human now being the #1 attack vector for modern hackers, we need to establish a framework for human risk management (HRM) that enables the security teams of all companies to better protect their employees.

This is the charter of the Cybersecurity Human Risk Management Forum, a small but growing group of cyber leaders working together to solve this problem. The resulting CHRM Framework is meant to standardize the terminology, quantification, and methodology around human-centric tools and processes. Get in touch! Join the forum and help all of us keep people safe in the digital domain.
