After being hit by a ransomware attack over Memorial Day weekend, the Seattle Public Library’s main branch and its 27 branches have managed to repair and restore all tech-enabled systems and services. This attack caused several disruptions, including limited access to staff and public computers, the online catalog, e-books, Wi-Fi, and the library website. Cybersecurity experts have praised the steps taken to protect against future attacks, with the library providing updates on the restoration of services over the recovery period.
In response to the attack, the Seattle Public Library has taken measures to strengthen its defenses against future cyber threats. The library has expedited its migration to SharePoint Online and implemented multi-factor authentication on staff systems. Additionally, they have increased their use of cloud-based Microsoft tools for file management and communication needs. Legacy on-premises services have been retired in favor of cloud-based infrastructure capabilities. Approximately 1,000 computers have been re-imaged, password updates have been forced, and password requirements have been strengthened.
Jim Alkove, CEO of cybersecurity startup Oleria, has commended the library for implementing multi-factor authentication and migrating to cloud-based services, which he believes are crucial in restoring operations and fortifying library systems against future attacks. Alkove stresses the importance of comprehensive deployment of multi-factor authentication. He also notes that transitioning to SaaS and cloud environments can reduce the attack surface of legacy on-premises systems, making them less vulnerable to attackers.
Sunil Gottumukkala, CEO of cybersecurity startup Averlon, has praised the library’s move to multi-factor authentication for staff. He suggests that the library should develop and test a “recover and rebuild” plan to defend against future ransomware attacks. Gottumukkala believes that lack of preparedness may have contributed to the library’s lengthy recovery process. Alkove adds that it is essential for organizations to regularly test, monitor, and maintain their security protocols to ensure cyber resilience.
Alkove emphasizes that organizations should focus on cyber resilience and business continuity planning to respond swiftly and effectively to cyber attacks. He points out the importance of continuously updating and testing recovery plans to ensure readiness for future attacks. Resilience goes beyond just restoring systems after an attack, and it involves addressing challenges such as over-provisioning user access. By providing only the necessary access and permissions, organizations can reduce their vulnerability to cyber threats and protect against potential security breaches.
As the Seattle Public Library completes its recovery from the ransomware attack, the focus is now on strengthening security measures to prevent future incidents. Cybersecurity experts urge organizations to prioritize cyber resilience and continuously update and test recovery plans to ensure readiness for potential attacks. By implementing multi-factor authentication, migrating to cloud-based services, and enforcing strong password requirements, libraries and other organizations can enhance their defenses against cyber threats and protect their systems and data from malicious attacks.
