Cultural Institutions Increasingly Vulnerable to Cyberattacks
Last October, the British Library fell victim to a massive ransomware attack, sending shockwaves through knowledge repositories worldwide. The attack, believed to be orchestrated by the Rhysida ransomware group, resulted in the theft of user and employee data. Attackers released low-resolution images of employee passports and dumped almost 600 GB of leaked material online, demanding a ransom of 20 bitcoins, or approximately $750,000 (£600,000). This incident shed light on the vulnerability of libraries and other knowledge resources to digital attacks, which can have far-reaching implications on global history, culture, and politics.
As institutions such as the British Library, Library of Congress, and Bibliothèque nationale de France increasingly transition their extensive collections to digital formats, they become more susceptible to cyber threats. The reliance on technology for online activities, digital exhibitions, and interactive experiences using wireless networks has democratized access to knowledge but has also opened new avenues for exploitation by cybercriminals.
The cyber-attack on the British Museum is part of a broader trend of increased cyber threats against cultural institutions. Anonymous hackers breached the personal details of donors to hundreds of cultural institutions across the UK and US, with millions of attacks recorded over three years. Even more concerning is the involvement of state-sponsored entities equipped with sophisticated tools and resources, driven by motives beyond financial gain, such as controlling, manipulating, or erasing historical narratives and cultural identities. This presents a significant challenge since public institutions like libraries lack the necessary budget, staff, and resources to effectively withstand advanced cyber attacks.
One of the critical challenges facing these institutions is the lack of resources, both financial and technical, to adequately defend against cyber threats. While large corporations and government entities often have significant budgets for cybersecurity, libraries and museums, despite their importance, do not have the same level of funding or expertise. Additionally, the open and public-serving nature of these institutions makes them inherently more vulnerable, as they conflict with stringent security measures needed to protect against cyberattacks.
As museums continue to adopt new technologies, experts stress the importance of ensuring that security measures grow and mature in line with innovation. Measures such as regular vulnerability scanning, staff training on safer remote working practices, phishing scam identification, and adherence to data protection laws are crucial in mitigating these risks. However, the responsibility for securing these institutions also falls on governments and other organizations. Increased funding for cybersecurity measures, public-private partnerships, and global cooperation to address cross-border cyber threats are among the approaches proposed to mitigate these risks.
In conclusion, the cyber-attack on the British Library and the broader trend of increased cyber threats against cultural institutions highlight the urgent need for enhanced security measures and resources to protect the invaluable knowledge and historical records held within these institutions. Failure to do so could have dire implications for global history, culture, and political landscapes.