Brian Myers
Brian Myers (PhD, CISSP) has 20+ years of experience spanning software development and information security. He built the first application security program at WorkBoard and served as HIPAA Security Officer at WebMD Health Services, helping them achieve HITRUST certification. As an independent consultant, he assists organizations with SOC 2, HIPAA compliance, and secure development practices. He regularly speaks at security conferences about practical approaches to security implementation and governance.
More at https://safetylight.dev
Session
In 2023 one of the largest libraries in the world fell victim to a ransomware attack. Its online catalogs were down for months, and the cost of recovery exceeded eight million dollars. In March 2024 the British Library posted a detailed 18-page account of what happened and what they learned from the experience. I studied the full report so you don’t have to.
If the analysis contains any surprises, it’s that there are no real surprises: the problems the British Library faced are common to many businesses, and the improvements the Library developed in response to the attack are reassuringly familiar best practices. We know how to reduce risk from ransomware.
This 35-minute talk draws from the Library’s report to summarize the attack and explain how security controls such as network monitoring capabilities, multi-factor authentication, defined intrusion response processes, holistic risk management, and cyber-risk awareness at senior levels would have made a difference for the British Library, and might in your company too.