Strategy of full transparency
The British Library is the national library of the United Kingdom and one of the world’s largest libraries. In October 2023 it was the victim of a major ransomware attack that severely disrupted its operations and compromised sensitive data. Its historically complex and diverse technology infrastructure likely contributed to the attack’s impact. The organization adopted a strategy of full transparency and produced a detailed report into the causes and nature of the attack and initial recovery. Its experience offers key lessons for all organizations about cybersecurity vulnerabilities and crisis management.
The lessons
1. Enhance network monitoring capabilities
To ensure full coverage across legacy and modern infrastructure.
2. Retain on-call external security expertise
To enable rapid incident response.
3. Implement comprehensive multi-factor authentication
This should include all external access points.
4. Conduct in-depth security reviews regularly
An effective cybersecurity strategy requires continued vigilance and adaptability.
5. Implement network segmentation
To limit potential damage from breaches.
6. Regularly practice business continuity plans
To prepare for total system outages.
7. Maintain a regularly updated and holistic view of cyber risks
At senior management and supervisory board levels (also vital from a compliance and governance perspective).
8. Focus on resilience and invest in response and recovery processes
To recognize that it’s not always possible to understand or “fix” the root cause of a breach.
9. Prepare for ransomware as a damage-minimization game
Any attack will likely have a damaging impact, but the extent will depend on your level of preparedness.
10. Conduct detailed impact assessments of potential attacks on your core purpose
To identify your ability to fulfill the main business functions across multiple areas.