Marcin Werla’s Post

The British Library, custodian of 170 million items, dating back 4,000 years, suffered a data breach back in Oct 2023. A few days ago, they published a transparent review of the attack. The review includes details of complexities introduced back in 2013, performance benchmarking since 2015, and accreditations from 2019. It gives hour by hour details of the initial response to the detection and looks forward to the restoration of full service. I know what it's like to be the first to discover suspicious activity - trying to establish how bad the day / week / month is going to get. It's not a good way to start your day. If you or your company has "reliance on a significant number of ageing legacy applications", have storage which uses "certain sensitive keywords in its naming convention, such as ‘passport’ or ‘confidential'", or work in an environment with exceptions to security recommendations "for reasons of practicality, cost and impact" you should read the review. We should also thank the Library leadership for making the review available so we can all benefit from their terrible experience.

Six days ago The British Library published this white paper. Brave move but a wise one, hopefully, to help others. The statement about MFA is key to why they were not stopped after they compromised priveledge credentials. "In common with other on-premise servers, this terminal server was protected by firewalls and virus software, but access was not subject to Multi-Factor Authentication (MFA). MFA was introduced across the Library in 2020 to increase protection of all remote activities relating to cloud applications such as email, Teams and Word, but for reasons of practicality, cost and impact on ongoing Library programmes, it was decided at this time that connectivity to the British Library domain (including machine log-on access and access to on-premise servers) would be out of scope for MFA implementation, pending further renewal of the Library’s infrastructure. The lack of MFA on the domain was identified and raised as a risk at this time, but the possible consequences were perhaps under-appraised."

🧨🧨 Complacency is the enemy of cybersecurity Reflecting on the recent cyber-incident review from the British Library, the report clearly illustrates the importance of ongoing investment in proactive defensive measures to safeguard critical data, assets and services. What scares me is how many businesses and charities still lack appropriate personnel at either board or advisory level. This needs to change dramatically, and cutting through the bureaucratic or social barriers between those who make decisions and those who execute them is equally as crucial. Decision-makers, be mindful of your duties, and of the personality traits of your technology leaders: https://lnkd.in/eiXS8WEX For the implementers and tech leaders, make sure you can translate your strategies into clear plans that resonate with the business goals. CTO Academy As for actions you can start today, audit your software and systems for outdated components. Ensure that everything, from your operating system to the third-party applications you rely on, is up-to-date with the latest security patches. Treat any patch that needs to be applied, update that is available, staff member that doesn't have cyber security awareness training as "debt", start paying off that debt now. #CyberSecurityAwareness #DigitalResilience #TechUpdates #ContinuousLearning #CyberThreats #StaySafeOnline

A really interesting read. Especially interesting that there may have been a reconnaissance as a precursor to the major attack. Also, that the first detected unauthorised access to the network was identified at the Terminal Services server. I wonder if a VPN was in use? Remote usage expanded during the Covid-19 pandemic because of the greatly increased requirement for remote working. It just goes to show that as and when there is a change to IT infrastructure or usage, the effects these changes have on security has to have paramount importance in the change planning.

So good to see a major organisation being honest and open about what happened to them in a big cyber security incident. The section "Learning Lessons from from the Attack" contains a lot of important learning points for us all.

Learn the truth from Julie Farnam. Discover the history and current threat of the white power movement in our latest webinar. Knowledge is the first step toward action! Watch here: https://lnkd.in/gJFSt6Jg #TakeAction

Don’t wait! 🎥 Our webinar with expert Julie Farnam on the white power movement is now available to view. Understand the history and learn how YOU can make a difference. Watch the full recording here: https://lnkd.in/gJFSt6Jg #StandAgainstHate

Professional service firms often carry the outside advantage, as an authority from the outside. But sometimes people on the inside can feel threatened by that advantage. In his latest post, Dean talks about what he does to defuse the possibility of threat so he can bring his full value safely, without bruising any egos or diminishing the value of others. Watch the full video here: https://lnkd.in/g8XfVRqS

Sharing a critical perspective from Bryan Cunningham from our recent company update webinar. It's more important than ever to hear from those on the frontlines of protecting our democracy and way of life. Please take a few minutes to watch and consider the insights shared here.

Interesting take on a potentially existential threat to democracy with Cyber Security and Semiconductor dominance being the modern day arms race of the next few decades. Curious to hear thoughts on this.