Enhancing Cyber Resilience: Lessons from the British Library’s Ransomware Attack
Share article:
You may also like to read
The British Library is finally restoring services a year after a cyber-attack. It is one of the largest in the world, containing over 150 million items.
In October last year, the British Library’s website and online systems suffered a major outage due to a cyber attack claimed by the Rhysida ransomware gang. This attack disrupted the library’s operations, affecting its ability to provide services to its users.
The threat actor then listed data belonging to the British Library for sale later in the month.
The library was then plagued with massive clean-up costs and times, finding that its expenses could be between £6 million and £7 million, over ten times the £600,000 Rhysida of the set ransom.
The disruption to one of the world’s largest resources for research, development, and learning materials has inevitably delayed many more projects at an immeasurable cost.
While restoration began in January of this year, the British Library is only just restoring its key systems. This process involves:
- Thoroughly reviewing the affected systems.
- Implementing security measures to prevent future attacks.
- Gradually bringing back online services.
In a blog post earlier this month, British Library CEO Sir Roly Keating reported that five services were being restored. These services are expected to be fully operational by the new year.
“This month marks the first anniversary of a criminal attack on the library, which, as we detailed in a report earlier this year, has affected almost every aspect of our public service. As our users and regular readers know only too well, the journey to recover full access to our collection and services has been challenging and sometimes frustrating,” said Keating.
“It’s reassuring, therefore, to be able to report that as of this week, with the reopening of the National Newspaper Building in Boston Spa – containing some 750 million pages of newspapers and periodicals dating back to the 18th century – we have now restored access to 100 per cent of the library’s printed collections that were available before the cyber attack.”
Keating said that remote ordering, access to the rest of the library’s physical collection, online learning resources, digitised manuscripts and electronic legal deposits were restored.
“Alongside all of this, we are also deep into planning the next phase of our recovery programme, which will take us into the new year,” added Keating.
“Areas of particular focus include our sound archive and popular and much-missed Ethos resource of 600,000 digitised theses”.
“In the longer term, as I’ve mentioned previously, work continues to implement a new end-to-end platform for all our library services – a vital project which was already in planning before the attack and which will ultimately provide not just relief from the challenges of the past year, but a better and more integrated service than we were ever able to offer before.”
Lessons Learned and Prevention Measures
From the British Library’s experience, several vital lessons can be drawn to form effective prevention measures:
Invest in Robust Cybersecurity Infrastructure:
- Implement advanced threat detection and response systems.
- Regularly update and patch systems to protect against known vulnerabilities.
Enhance Incident Response Capabilities:
- Develop a comprehensive incident response plan that includes clear roles and responsibilities.
- Conduct regular drills and simulations to ensure readiness.
Strengthen Data Protection:
- Encrypt sensitive data both at rest and in transit.
- Implement data loss prevention (DLP) solutions to monitor and protect data.
Foster a Security-First Culture:
- Promote a culture of cybersecurity awareness and responsibility among all employees.
- Encourage reporting of suspicious activities and potential security incidents.
NIST Principles of Cyber Resilience
We can apply the NIST cyber resilience principles to learn lessons to enhance cybersecurity postures and prevent similar incidents. These principles focus on the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.
Anticipate
- Threat Intelligence: Regularly update threat intelligence to stay informed about emerging threats and vulnerabilities.
- Risk Assessment: Conduct continuous risk assessments to identify potential weaknesses and prioritise mitigation efforts.
Withstand
- Segmentation: Implement network segmentation to limit the spread of malware and restrict lateral movement within the network.
- Access Controls: Enforce strict access controls and multi-factor authentication to ensure only authorised personnel can access critical systems.
Recover
- Backup and Restore: Maintain regular backups of critical data and ensure that restoration processes are tested and effective.
- Incident Response Plan: Develop and regularly update an incident response plan to address and mitigate the impact of cyber incidents quickly.
Adapt
- Continuous Improvement: Establish a culture of continuous improvement by regularly reviewing and updating security policies and procedures based on lessons learned from incidents.
- Training and Awareness: Conduct ongoing cybersecurity training and awareness programs for all staff to ensure they know the latest threats and best practices.
By integrating these NIST principles and lessons learned, organisations like the British Library can significantly enhance their cyber resilience and better protect their valuable resources and services from future cyber threats.
If you need help with assessing how this relates to your cyber resilience and how to apply these principles to your organisations’ secure environment, contact Ascot London.