Join the free 2-day Microsoft Change Agent course this month
Case Study |

Recovery plan after a cyber-attack – British Library

Recovery plan after a cyber-attack – British Library

The British Library experienced a significant ransomware cyber-attack by the Rhysida gang, which compromised the majority of the library’s online systems. The attack involved data exfiltration, encryption or destruction of substantial portions of the server estate, and forced lockout of all users from the network.

Jump to section

Challenges

  • Extensive damage to server infrastructure and systems
  • Exfiltration of approximately 600GB of data, including personal information
  • Disruption of core library services and research capabilities
  • Need for rapid response and decision-making during the crisis
  • Complexity of rebuilding and modernising legacy IT infrastructure
  • Balancing service restoration with enhanced security measures

Approach

  • Swift activation of Crisis Management Plan and formation of Gold Crisis Response Team
  • Engagement with National Cyber Security Centre (NCSC) and specialist cyber security advisers
  • Proactive communication with regulatory bodies, staff and users
  • Forensic investigation to understand the attack’s timeline and entry points
  • Implementation of immediate security measures, including credit monitoring for affected individuals
  • Development of a ‘Rebuild & Renew’ programme for service restoration and infrastructure modernisation

Outcomes and benefits

  • Containment of the attack and prevention of further spread to desktop and laptop estates
  • Maintenance of on-site services, exhibitions and events throughout the crisis
  • Gradual restoration of core services, including a searchable online catalogue
  • Accelerated modernisation of IT infrastructure and security measures
  • Increased organisational awareness of cyber security risks and best practices

Lessons learnt

  • Importance of multi-factor authentication (MFA) for all system access points
  • Need for regular review and updating of security measures, especially for legacy systems
  • Criticality of robust backup systems and disaster recovery plans
  • Value of clear communication strategies during cyber incidents
  • Importance of balancing third-party access with stringent security controls
  • Need for ongoing investment in IT infrastructure and security measures
  • Benefits of cloud-based solutions for improved security and resilience
  • Importance of embedding cyber security awareness across the entire organisation

View original case study article at bl.uk [PDF]