Kidnapping a Library: How Ransomware Taught the British Library to Follow Well-Known Best Practices 2024

Presenter: Brian Myers
Room: Crater Lake South, EMU 145, Level 1
Presentation: Kidnapping a Library: How Ransomware Taught the British Library to Follow Well-Known Best Practices 
Time: 03:30p – 04:00p     

In 2023 one of the largest libraries in the world fell victim to a ransomware attack. Their online catalogs were down for months, and the cost of recovery was over eight million dollars. In March 2024 the library posted a detailed 18-page account of what happened and what they learned from the experience. I studied the full report so you don’t have to.

If the analysis contains any surprises, it’s that there are no real surprises: the problems the British Library faced are common to many businesses, and the improvements the Library developed in response to the attack are reassuringly familiar best practices. We know how to reduce risk for problems like ransomware.

In this talk I’ll draw from the Library’s report to summarize the attack and explain how security controls such as network monitoring capabilities, multi-factor authentication, defined intrusion response processes, holistic risk management, and cyber-risk awareness at senior levels would have made a difference for the British Library, and might in your company too.