The recent cyberattack on the British Library has raised concerns about the vulnerability of academia as it sheds light on the insufficient security measures within the educational sector.
According to AFP, many urged the academia to protect its "crown jewels" after the hacking incident.
LONDON, ENGLAND - NOVEMBER 23: A general view of the exterior signage at The British Library on November 23, 2023 in London, England. Rhysida, a ransomware group, has claimed responsibility for the October 31 cyber attack, leading to the leakage of employee data, including passport photos and HMRC employment records.
British Library Cyberattack
The British Library, home to a vast collection of 170 million items, suffered a cyberattack at the end of October, rendering its electronic services, including the essential catalog, inaccessible.
The incident severely impacted the location of items within the extensive collection, affecting researchers, students, and the public. The library houses treasured cultural artifacts like the earliest surviving copy of "Beowulf" and the first collected edition of William Shakespeare's plays.
Claimed by the hacking group Rhysida, the attack employed ransomware and encrypted files and demanded payment for their release. The British Library refused to pay the 20-bitcoin ransom (equivalent to $850,000), prompting the group to release approximately 500,000 files comprising personal data of staff, readers, and visitors on the dark web.
Azeem Aleem, Managing Director for Northern Europe at cybersecurity firm Sygnia, emphasized that academia and the public sector are becoming lucrative targets for hackers due to comparatively lax security protocols.
The incident underscores the pressing need for improved cybersecurity measures in educational institutions. While the library's catalog has been partially restored, the situation is deemed critical, with estimates suggesting months may be required for full-service restoration.
Aleem warned that recovery costs could exceed £6.0 million ($7.6 million), constituting a significant portion of the library's financial reserves.
The cyberattack was orchestrated by exploiting potential vulnerabilities, possibly through phishing or exploiting system vulnerabilities. The incident emphasized the importance of bolstering cybersecurity in the education sector.
Read Also: 23andMe Blames Victims on Recent Data Breach Incident Concerning 6.9 Million Users
Point of Vulnerability
The British Library's commitment to openness and access was noted as a point of vulnerability, requiring a delicate balance between embracing technology and safeguarding digital heritage.
British Library Chief Executive Roly Keating acknowledged the challenges posed by the evolving cyber threat landscape and emphasized the need for increased vigilance.
In response to the attack, experts, including Aleem and researcher Louise Marie Hurel, called for enhanced cybersecurity practices, improved awareness, and the classification of the education sector as critical infrastructure.
To initiate the recovery process, institutions must deploy backup systems, enhance resilience, and scrutinize the digital footprint of the attackers to gauge the full extent of the breach.
Proposed measures encompass simulated hacking exercises and the creation of dedicated rapid-response "war rooms" designed to bolster defenses against potential future cyber threats.
This hacking incident underscores the importance for academia to prioritize and invest in comprehensive cybersecurity measures to protect vital digital assets and sensitive data.
Related Article: Australian State Court Hit With Cyberattack, Court Recordings Accessed and Possibly Stolen
