British Library: Exabeam Insights into Lessons Learned - Exabeam

Published
April 08, 2024


According to the Exabeam 2023 Threat Detection, Investigation, and Response (TDIR) Report, global spending on cybersecurity solutions reached over $92 billion in 2022, with projections soaring to $170 billion by 2027. Despite these significant investments, the cybersecurity breach that impacted the British Library in October 2023 further reinforces the need for continuous critical conversations among CISOs and cybersecurity leaders. The incident not only highlights vulnerabilities inherent within public sector entities, but also offers a chance for us to reassess our alignment with cybersecurity frameworks and guidelines, in this case those of the Department for Culture, Media and Sport (DCMS).

This article contrasts some of the key lessons learned from the British Library breach with insights from the report to shed light on the evolving threat landscape.

Ongoing risk in the public sector

The cyberattack on the British Library in October 2023 is not isolated. Statistics show an alarming increase in cyberattacks targeting the public sector, with an approximate 73% increase in ransomware attacks alone over the past year. In the UK specifically, March 2023 was the “worst month on record” for breach victims. These statistics underscore a pressing need for enhanced cybersecurity measures that not only prevent attacks but ensure rapid, effective responses when they do occur.

Key lessons drawn from the British Library breach and the Exabeam report

Enhanced network monitoring capabilities

Despite having security measures in place, the British Library saw 600 GB of data exfiltrated, emphasizing the need for heightened network monitoring and earlier visibility. Echoing this, the Exabeam report reveals that over 70% of organizations reported better performance in cybersecurity KPIs, attributing this improvement to enhanced monitoring and automation capabilities.

Retain on-call external security expertise

The British Library attack highlighted the benefit of third-party providers. The Exabeam report and the DCMS both point to the value of external experts, with 35% of organizations acknowledging the need for more assistance in understanding behavior within their IT environments, showcasing the importance of external cybersecurity expertise.

Enhance intrusion response processes

The swift activation of the British Library’s crisis management plans exemplifies the importance of a robust intrusion response process through effective automation. The Exabeam report supports this, emphasizing the push towards automating the common repeatable processes, with findings showing a significant portion of organizations automating more than 50% of their TDIR workflow, thus streamlining their response to cyberthreats. This is in line with the DCMS’s approach to risk management and internal controls, advocating for practices that optimize efficiency and ensure rapid response to threats.

Maintain a holistic overview of cyber risk

The complexity and segmentation of the British Library’s IT environment contributed to the attack’s persistence and impact, highlighting the necessity of a holistic approach to cyber risk management across multiple segments and a software-defined wide area network (WAN) definition. This is paralleled in the Exabeam report, which notes that, despite a high confidence in TDIR capabilities, organizations acknowledge challenges in the lack of visibility and the subsequent time-consuming nature of investigations, with only 66% visibility into their full IT environments on average.

Regularly train all staff in evolving risks

The British Library’s revision of its staff IT policy on cybersecurity risk training aligns with the DCMS’s call for continuous professional development. The Exabeam report amplifies this, revealing that continued internal training is vital for upskilling and addressing knowledge gaps in cybersecurity, a perspective shared by a vast majority of the surveyed organizations.

Prioritize remediation of issues arising from legacy technology

The impact of the incident on the British Library was made worse by its legacy systems. This reinforces the well-documented need to identify, classify and monitor such systems. But it also drives the urgent need for modernization in terms of security, log management, observability, and fast threat detection. The Exabeam report highlights that, despite advancements, 57% of organizations experienced significant security incidents, emphasizing the continuous threat posed by legacy technologies and the importance of modernizing and securing these infrastructures.

A call for enhanced cyber resilience

The British Library’s cyberattack, correlated with findings from the Exabeam 2023 TDIR Report, underlines the essential elements of a robust cybersecurity strategy. Public sector organizations need to continuously work to align themselves with the principles outlined in the DCMS guidelines, which, in turn, will help them toward a more resilient and robust cybersecurity posture. Many organizations use manual processes and disparate security products to meet regulatory requirements, like the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA) for financial organizations. If only performed ad hoc, manual processes can leave organizations at risk for audit failure, fines, and disclosure reporting. Exabeam provides detection rules, models, and compliance reports that show auditors security controls are in place and work as designed.
