Have you ever thought about what happens when a museum is attacked? We mostly hear news about bank or big tech company attacks, but on Dec. 9, 2024 the National Museum of the Royal Navy was cyber attacked, taking down all of the museum's systems and effectively rendering their operations inoperative. Ticketing, collections, emails, everything gone.
We all have a lesson for the future. What did they learn? They learned a crucial lesson about how it is important to have a good plan for cybersecurity. They might not have implemented enough secure IT systems, enough security checks, off-site backups, or monitoring tools. The lesson is clear - a cyberattack is a "when," not an "if."
Next time you are in a museum, or gallery, remember they are keeping safe more than just the beautiful artifacts. They are hoping to keep safe digital treasures too.
The Shock of the Attack
Imagine coming to work and all of your systems just don't work. The staff at the National Museum of the Royal Navy first thought they had some minor IT issues. Over time they quickly learned they were being cyber attacked. Ticketing stopped, printers jammed, telephone lines failed, and collections staff were left without access to years worth of records.Turning Everything Off for Safety
The museum decided to turn everything off - emails, Wi-Fi, computers, all of it. They had to go back and wipe and rebuild nearly 400 devices. You could say this is excessive, but it helped them ascertain what they actually had. They had to rely on older, manual processes to help them - the staff members went back to things like paper records, VHS tapes, etc!The Financial Lost
The attack also had financial implications since they lost the ability to perform online ticketing and losses quickly built. Hundreds of employees were unable to do their normal work while IT teams were working non-stop to regain control. The staff was stressed and terrified as many voiced concerns of never recovering the valuable collections and institutional archives.Recovery Took Some Time
Getting everything back into working condition did not happen quickly. The corporate ticketing was restored by Christmas, but it took months to replace the collections databases. George Wilson, Head of IT, noted that recovery involved not just fixing data, but rethinking the functioning of their digital systems. Even nine months later, some systems are still being re-built.We all have a lesson for the future. What did they learn? They learned a crucial lesson about how it is important to have a good plan for cybersecurity. They might not have implemented enough secure IT systems, enough security checks, off-site backups, or monitoring tools. The lesson is clear - a cyberattack is a "when," not an "if."
A Lesson For All Museums
This isn't just a lesson to a certain museum. This serves as a lesson for all museums: digital systems can be fragile too! Back up your data, train your staff, and return to what you normally do when you run into issues that you don't, for instance, expect. The story of this museum shows that you can recover, and perhaps even return stronger.Next time you are in a museum, or gallery, remember they are keeping safe more than just the beautiful artifacts. They are hoping to keep safe digital treasures too.
