Museums, galleries and archives have been urged to tighten their cyber security following the massive ransomware attack on the British Library.
Museums, public archives and galleries are among the latest organisations to be hit by the cybercriminal group Rhysida, with the British Library suffering a ransomware attack in October. The now notorious group threatened to dump nearly 600 gigabytes of leaked data online, including personally identifiable data traceable to customers and staff, a threat which it carried out after demanding £600,000 payable in bitcoin to halt the attack.
What are the cyber risks to public institutions?
In the initial phases of the attack, basic services such as email became unavailable, and significant IT infrastructure was rendered inoperable by encryption. While many of these services have now been restored, the internationally famous institution is still suffering significant disruption to its online systems and services.
Many institutions such as libraries, museums, and public venues are almost completely reliant on digital systems to manage communications, bookings, payroll, point-of-sale systems, legal services and even the automation, lighting and sound of exhibits. Sadly, the reliance on technology by institutions dependent largely on grants or public money is not always matched by the willingness or financial incentive to secure that technology from hostile actors and cybercriminals. This incident has caused a great deal of alarm in public institutions worldwide, which are now double-checking their systems and doing all they can to ensure they do not suffer a similar fate. In fact, in October, The Public Library of Toronto was the victim of a similar ransomware attack.
Checking your cyber risk
Organisations that perform archival functions on behalf of the public should be showing high awareness when it comes to protecting the data they hold, but generally, investigations after the fact show this not to be the case. A cyber risk investigation using Trust365’s extensive cyber risk toolkit found that the British Library’s cyber posture was one of high risk, well below the standard of public libraries across the UK in general. A scan of known sources on the dark web found over 4700 compromised credentials relating to the British Library’s domain, and over 151 potential publicly exposed assets relating to network and IT, as well as application security. The findings ranged from email domains in use by the institution for internal communications having no relevant SPF record, opening up mailboxes to attack through spoofing, to mail servers run internally on server and web technologies with existing vulnerabilities.
How can organisations improve their cyber posture?
Issues like these can be remedied easily in most cases by migrating to zero-trust cloud technologies for identity management, email and data storage. Websites can be built and managed using platforms with simple automatic security patching, and the DNS records for domains used for communications can carry the correct record types to ensure email can only be sent from a range of trusted sources. Movement to reliable, secure systems, such as migrating user identity management and email to the cloud, usually comes with a significant one-time cost that can put organisations off making these changes. This cost, however, needs to be balanced against the expense incurred by any organisation that fails to fulfil its duties concerning data protection; a breach in the case of the British Library is estimated to have a final cost of around £1.5M. A high price to pay indeed. It’s not just a monetary cost either; members of the public have the right to see that their data and privacy are being properly safeguarded, and attacks on institutions such as libraries, schools and massive public bodies such as the NHS have shown that when it comes to adhering to GDPR legislation and regulations laid down by the ICO, public institutions in the UK are well behind the curve.
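The SPF gap described above can be checked from a domain's published TXT records. The following is an added example, not Trust365's tooling or code from this article: it audits SPF policy strings offline using RFC 7208 semantics, and the domain names, record values and finding codes are constructed for illustration.

```python
# Added example: offline audit of SPF policy strings (RFC 7208 semantics).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup
ALL_FINDINGS = {"+": "allows-any-sender", "?": "neutral-all", "~": "softfail-only"}

def audit_spf(txt_records):
    """Return sorted finding codes for the TXT records of one domain."""
    spf = [r.strip() for r in txt_records
           if r.strip().lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["missing"]             # receivers have no sender policy to check
    if len(spf) > 1:
        return ["multiple-records"]    # evaluation ends in permerror
    findings, lookups, all_qual, redirect = set(), 0, None, False
    for term in spf[0].lower().split()[1:]:
        if term.startswith("redirect="):
            redirect = True
            continue
        qual = term[0] if term[0] in "+-~?" else "+"   # default qualifier is "+"
        name = term.lstrip("+-~?").split(":")[0].split("/")[0]
        if name == "all":
            all_qual = qual
            break                      # anything after "all" is never evaluated
        if name in LOOKUP_TERMS:
            lookups += 1
    if redirect and all_qual is None:
        lookups += 1                   # redirect is only followed without "all"
    if all_qual in ALL_FINDINGS:
        findings.add(ALL_FINDINGS[all_qual])
    elif all_qual is None and not redirect:
        findings.add("no-all-neutral-default")   # unmatched senders get "neutral"
    if lookups > 10:
        findings.add("too-many-lookups")         # over the limit: permerror
    return sorted(findings)

# Constructed sample records; domains and values are illustrative only.
SAMPLES = {
    "no-spf.example": ["site-verification=constructed-value"],
    "open.example":   ["v=spf1 include:_spf.mail.example +all"],
    "soft.example":   ["v=spf1 mx ~all"],
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all"],
    "dup.example":    ["v=spf1 -all", "v=spf1 mx -all"],
}

def audit_all(samples=SAMPLES):
    return {domain: audit_spf(records) for domain, records in samples.items()}

if __name__ == "__main__":
    for domain, result in audit_all().items():
        print(f"{domain:16} {result or ['ok']}")
```

An empty result means the record ends in `-all` and stays within the ten-lookup limit; every other code marks a policy that leaves spoofed mail unrejected or makes SPF evaluation fail.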
How do I make sure I’m protected against cyber threats?
Cutting-edge security products such as the suite of tools available from Trust365 offer complete protection for vulnerable websites and domains. In some cases, as with products such as TrustiSite, this is done by ensuring sites are certified, and that plugins, media, connected apps and forms are fully up-to-date and secured against the latest online malware threats. Other products, such as TrustiMail, completely remove threats of ransomware, spoofing and phishing by taking away the vector these threats use. By completely encrypting and routing your Outlook or Google mail through Trust365 servers, TrustiMail ensures that you can communicate securely and with enhanced functionality using your existing cloud or workstation email client, with complete confidence that your messaging is totally secure.
With licensing starting at £7 per user per month for TrustiMail, it’s never been easier to remove the possibility of email-based threats from your business or personal messaging. If you’re worried that you might be vulnerable, or you don’t know where to start with checking the security of your emails or website, there are easy-to-use, free scanning tools available at https://www.trust365.com/products/
Avoiding a costly fate
Whatever the future holds in terms of cyber threats, it seems that for most large, publicly-funded institutions, even grappling with the security issues of yesteryear is proving to be a problem, with organisations commonly still reliant on ageing infrastructure, lacking in expert staff, and suffering from poor security training and awareness. It’s becoming increasingly clear that institutions need to adapt to the acceleration of the cyber threat landscape, and invest in and adopt new technologies and practices before they suffer attacks that will end them.
However expensive it may be to meet their data protection responsibilities, it’s never as costly as failure.