A disgruntled insider appears to have been behind a security incident at the British Museum, which forced the 270-year-old institution to partially close its doors over the weekend of 25 and 26 January following disruption to core IT systems.
The incident shuttered two of the museum’s ongoing special exhibitions, one on the history of the ancient Silk Road trading network connecting Asia and Europe, and one on the prints of Pablo Picasso, after key systems including the museum’s ticketing platform were disrupted.
“An IT contractor who was dismissed last week trespassed into the museum and shut down several of our systems,” a spokesperson for the museum said. “Police attended and he was arrested at the scene.
“With regret, our temporary exhibitions were closed over the weekend – ticket holders were alerted and refunds offered.”
The British Museum told Computer Weekly that all of its exhibitions and facilities have now reopened.
London’s Metropolitan Police confirmed its officers attended the museum on the evening of Thursday 23 January and arrested an unnamed man in his 50s on suspicion of burglary and criminal damage. The individual has since been released on bail.
Since the cyber incident did not appear to involve any element of cyber criminal hacking or malware, its long-term impact is unlikely to be as significant as similar attacks against other cultural institutions, such as the autumn 2022 Rhysida ransomware attack on the British Library – from which it’s still recovering.
In this instance, the British Museum appears to have experienced minimal impact, with the disruption apparently limited merely to that caused by unscheduled downtime
Nevertheless, it behoves all organisations to pay close attention to the potential for IT disruption arising from insider actions as their impacts can be wide-ranging, and costly.
Indeed, according to IBM’s 2024 Cost of a data breach report, when compared against other cyber attack vectors, attacks by malicious insiders tend to result in higher recovery costs, close to $5m (£4m) on average, although such attacks represented only 7% of the total seen in the report data.
Risk management
It’s also important to factor insider threats into cyber risk planning activities as such incidents can be very difficult to detect. This is because malicious insiders often look like ordinary users and typically do not reveal themselves until the minute they carry out their attack, at which point the damage is done.
This is in contrast to ransomware attacks, for example, in which organisations with appropriate threat-hunting measures and network monitoring in place can sometimes detect the warning signs of an impending incident, and take steps to thwart them.
“Cyber security arrangements must be agile and constantly updated to keep up with the evolving threat landscape,” said SonicWall executive EMEA vice-president Spencer Starkey.
“This requires a proactive and flexible approach to cyber security, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning,” he said.
“It also requires ongoing training and awareness programmes to ensure that employees are aware of the latest threats and best practices for cyber security,” said Starkey.
“By maintaining agile and up-to-date cyber security arrangements, companies can minimise their risk exposure, detect and respond to threats more effectively, and maintain the trust and confidence of their customers and stakeholders.”
