British Library: lessons learned from ransomware attack
Detailed, 18-page report lays out timeline of cyber-attack in October 2023, the Library’s responses and what we can all learn about cyber security.
‘Our hope is that doing this will help other organisations to plan and protect themselves against attacks of this kind,’ says Sir Roly Keating, Chief Executive of the British Library.
Photo by Steve Cadman
‘The threat of aggressive and disruptive cyber-attacks is higher than it has ever been, and the organisations behind these attacks are increasingly advanced in their techniques and ruthless in their willingness to destroy whole technical systems.’
As the report makes clear, British Library staff discovered on October 28, 2023, that their systems had been compromised – but it now seems that the Rhysida criminal gang had access for at least three days prior to this. Some 600GB of files were exfiltrated (illegally stolen) from the Library’s systems, including personal data of Library users and staff. In the process, some Library servers were destroyed and other data and systems encrypted. The Library’s digital catalogue and other services were put out of action.
When the British Library refused to pay a ransom – which other reports have claimed was for £600,000 – the gang dumped the stolen information on the dark web. The Library’s corporate information management unit continues to review this material and notify those affected.
In January, the catalogue of 36m digital records could again be accessed by the public. Work to restore services is ongoing. The PLR system, by which authors receives royalties when their books are loaned out by libraries across the country, has seen statements and payments delayed – but on course to be paid out by the end of this month.
The British Library report does not say how much all this effort will cost. Earlier in the year, the Financial Times suggested a figure of £16.4m from the Library’s unallocated resources.
In seeking to learn lessons from the cyber-attack that can benefit the wider sector, the report says: ‘Many of the major collections institutions in the DCMS family and the wider sector are likely to have similar risks to the British Library in terms of investment levels in cyber-security, legacy
infrastructure, and difficulties attracting and retaining sufficient IT talent. A significant part of the
national collection, across multiple institutions, now exists in digital form – in some cases digital-only – and we all have a vital interest in ensuring that this vast and growing national asset is protected from increasingly sophisticated and destructive cyber-attacks.’
It makes 18 recommendations, which included enhanced network monitoring capabilities, retaining on-call external security expertise, fully implementing multifactor authentication, enhancing intrusion response processes, and implementing network segmentation. For the full list of recommendations, see pages 17 and 18 of the report.
In related news:
Leave a Reply