British Library on why it kept it real in ransomware comms • The Register

CyberUK Emotional intelligence was at the heart of the British Library's widely hailed response to its October ransomware attack, according to CEO Roly Keating.

The British Library's (BL) ransomware attack last year was one of the most damaging in recent memory, at least in the UK. The transparency of the organization's response over the following months was hailed as what should be the industry standard.

"At no point did we engage with the perpetrators"

Keating said from the outset the Library was acutely aware of how many partners, scholars, and researchers rely on its services worldwide, so the plan was to communicate often, even if that was just a short update saying very little.

"But I think it's probably fair to say early on it was all quite dry; rapidly we began to realize we had to be a little bit more emotionally intelligent than that," he told delegates at British cyber-intelligence talkshop CyberUK 2024 last week.

"We were having very strong feelings of frustration, anger, anxiety. Those feelings were shared by our staff, whose data had been lost. Our users' data had been taken away and published. So gradually we increased our focus on wellbeing, paying attention to how people were feeling."

Keating said the BL started to adopt a more human voice, apologizing where necessary and acknowledging the difficulty of the bouts of uncertainty that come with a ransomware recovery.

It all culminated in March when the BL published a candid deep-dive into the incident, which laid bare the state of its aging architecture that ultimately allowed the Rhysida gang to carry out its attack.

"Our real focus, I have to say, was on those in our peer organizations in our sector, the cultural sector, the collection sector, the library sector, for whom, although cyber is obviously part of the risk register, it's not always front of mind," Keating said.

"We felt that by sharing information where we did err on the side of openness and candor, and I'll be the first to say that not everything we put in there makes comfortable reading for ourselves, but I think that's probably a common feeling for anyone going through an experience like this.

"What we do hope is that if doing this strengthens the ability of others to strengthen themselves against these attacks, which will come, then some good will have come from this dreadful incident. The lessons are there. If you've read the paper, there are many of them. They are for us to learn, but perhaps some may have relevance for others."

BL received a wealth of support and expert advice from partners, stakeholders, and national authorities such as the NCSC from the get-go, including around public comms. It's a point Keating established clearly, perhaps to tie his account of the incident in nicely with the key messaging of the event: to build national resilience to cyber attacks by increasing cross-sector collaboration and openness.

Delegates of the UK's National Cyber Security Centre's (NCSC) conference last week were told that cross-sector collaboration is as important as ever during this limited window of opportunity to stifle China's bid for tech dominance. Keating's tale of working with numerous experts to overcome an incident and emerge stronger on the other side fits neatly with one of the event's core themes.

Given the high-profile nature of the attack at the BL, there is understandable intrigue among many about when the national institution will be back to full operation.

Keating said: "Full restoration is only a matter of time, but it will take time. And although there is an atmosphere of relative normality if you come to the BL, we're thriving in all sorts of ways, but behind the scenes there is a much longer journey of full technical rebuild."

That rebuild will likely involve the management and retirement of legacy systems, and deploying MFA widely across the organization. These were the two main issues the CEO highlighted, referencing the full report published in March.

Library service availability is still spotty. Its onsite exhibitions and reading rooms are still open to the public, but many of its research services that are relied upon by so many remain either entirely unavailable or partially available.

New capability is being restored regularly, though, and prospective users can keep tabs on available services via the BL's website.

Of course, the number of services available to library-goers now is much expanded from the first days of the attack, which floored everything from materials access to credit card terminals and building Wi-Fi.

Keating said the early days were a strange time given the building was open as normal, all while behind the scenes a calamity ensued.

"One peculiarity of our position was that none of the systems that were attacked affected our ability to open the building, so at no point did the British Library, North or South, ever have to close its doors to the public. What was affected was the quality of service we could give," noted Keating.

"So it was an atmosphere of almost studied normality at some times, in terms of some of our public visitors coming on site. But of course behind the scenes we were absolutely lacking some of the fundamentals. And I should add, at no point, being wholly conscious of public policy and as a public organization, did we engage with the perpetrators.

"What we did have to think about constantly was storytelling and narrative and communication with our stakeholders, with our staff, with our board, everyone we work with in the British Library, which, by the way, works with partners right across the UK and across the world."