INSIGHTS ¦ Learning Lessons from the Cyber Attack – British Library


Summary

The British Library experienced a significant cyber-attack in October 2023, prompting an in-depth review and the implementation of a comprehensive recovery and future-proofing strategy. The incident not only disrupted the Library’s operations but also led to the exfiltration of 600GB of sensitive data. This event has catalyzed a transformation in the Library’s approach to cybersecurity, infrastructure resilience, and risk management, aligning with its “Knowledge Matters” strategy for a more secure future.

Key Points

  1. The cyber-attack occurred in October 2023, significantly affecting the British Library’s operations.
  2. A forensic investigation identified a server likely used as the attackers’ entry point.
  3. The attackers exfiltrated 600GB of data, including personal information, which was subsequently dumped on the dark web.
  4. The attack involved data encryption, system destruction, and ransom demands, severely hampering Library operations.
  5. Despite the attack, physical library premises remained operational, with certain services maintained.
  6. The Library’s technological infrastructure, heavily reliant on legacy systems, was identified as a key vulnerability.
  7. A major software overhaul is required as many systems are either unsupported or incompatible with new security measures.
  8. The Library’s response included a transition to recovery, aiming to rebuild a secure and resilient technological framework.
  9. The incident underscores the need for improved cybersecurity measures and a culture of security awareness.
  10. The Library’s complex network and manual data processes increased the severity of the attack’s impact.
  11. Future risk assessments will emphasize the heightened threat of cyber-attacks and the importance of embedding cybersecurity.
  12. Lessons learned from the attack are shared to benefit peer institutions and enhance sector-wide cybersecurity resilience.

Key Statistics

  • 600GB of data was copied and exfiltrated by the attackers.
  • The Library’s digital and digitised collections, along with metadata, are secure but restoration is hampered by infrastructure damage.
  • Detection of the cyber-attack was delayed: the first evidence of network compromise occurred three days before the attack became apparent.
  • The recovery and rebuild efforts are projected to take 18 months, highlighting the extensive impact on the Library’s technological infrastructure.

Key Takeaways

  • The severity of the cyber-attack on the British Library underscores the critical need for robust cybersecurity measures and regular risk assessments.
  • Legacy systems and complex network designs significantly contributed to the attack’s impact, highlighting the necessity for modernisation.
  • Transparent communication and staff engagement were essential in managing the crisis and will be crucial in future recovery efforts.
  • The incident highlights the importance of multi-factor authentication and network monitoring as fundamental security measures.
  • Recovery from such a comprehensive attack requires substantial investment in technology, policy, and culture changes to enhance resilience.
  • Collaboration and knowledge sharing within the sector can strengthen defences against future cyber threats.
  • Embedding a culture of cybersecurity awareness across all levels of the organisation is essential for prevention and effective response to incidents.
  • The transition to cloud-based technologies offers opportunities for improved security but also presents new challenges that must be managed.
  • Business continuity planning must encompass scenarios of total system outages and include regular practice drills.
  • The comprehensive review of the attack and the forward-looking approach to the rebuild signify a commitment to safeguarding the Library’s future.
  • Prioritising the security of digital collections is crucial in preserving national heritage and ensuring continued access to knowledge.
  • The British Library’s experience serves as a valuable lesson for other institutions in the importance of cybersecurity preparedness and resilience.
