Security Gaps in Cultural Institutions

11.21.2024

By Julia Fishman, Customer Success Manager at threatER

The Current Landscape for Cultural Institutions

Cultural institutions like museums, libraries, theaters and music establishments are not immune to the growing number of cyberattacks that are infiltrating and disrupting services across the globe. The instances below are unique in size and scope but are worthy of further discussion:

Example #1: Grand Palais  

The Grand Palais RMN is a cultural umbrella organization in France that is responsible for over 36 national museums in the country. A historic site and exhibit hall in Paris, the Grand Palais also supported the 2024 Paris Olympics by hosting competitions for taekwondo and fencing. During the 2024 Paris Olympics, the Grand Palais RMN suffered a ransomware attack and, as a result, shut off servers to prevent further spread of the attack. This temporarily affected bookstores and shops at other museums, including the Louvre, the Palace of Versailles and more.

Example #2: British Library

The British Library is the national library for the United Kingdom and one of the largest libraries in the world. In the fall of 2023, the Library suffered a significant ransomware attack that was claimed by the Rhysida Ransomware group. The group stole employee and user data, then encrypted and destroyed servers, making it harder for the British Library to recover most of their infrastructure.

Example #3: Metropolitan Opera

The Metropolitan Opera reported that hackers gained access to internal systems in a 2022 attack and leaked personal data of over 45,000 people. The personal data included names, tax identification and social security numbers, payment card information and driver’s license numbers. The attack hit the opera, the largest classical music organization in North America, during the busy holiday season, disrupting all ticketing operations. Tickets could not be sold, exchanged or refunded on the opera’s website, box office or call center. This forced the opera to sell general admission tickets on a temporary makeshift website, well below market value.

Example #4: WordFly

WordFly, a digital marketing platform specializing in mailing list services, marketing automation and subscription management for arts and culture organizations, was breached in 2022 and was inaccessible for a couple of weeks. This affected numerous cultural institutions including the Smithsonian National Zoological Park, Toronto Symphony Orchestra, Royal Shakespeare Company and more. The attackers exported email addresses and other customer data in a ransomware attack, forcing some organizations to change email providers at the last minute and disrupting their own events in the process.

Example #5: Gallery Systems

Gallery Systems, a collections management software company, suffered a cyber attack in late 2023, causing their collection and archive-management services to be disabled for many museums, academic institutions and corporations worldwide. Affected museums included New York’s Rubin Museum of Art, Museum of Fine Arts, Boston and the Frances Lehman Loeb Art Center at Vassar College. Visitors were unable to view digital collections and staff couldn’t access sensitive information through Gallery’s TMS program. 

The Revolving Door of Security

The rise in cyberattacks on cultural institutions can be attributed to a multitude of factors.

Cultural institutions are increasing their use of software to enhance visitor experience, connect with audiences around the world and preserve cultural heritage. Third-party companies provide tools to display and augment digital works online, and to manage internal databases and documents on behalf of these institutions.

The increased use of software has only heightened the risk of cyberattacks. Bad actors, as in the examples of Gallery Systems and WordFly, target software providers because these vendors have access to data from hundreds or thousands of clients. Once a vendor is successfully hacked, the attackers can extract a higher ransom because of the deeper pool of stolen data. This data set includes donor data, and most institutions are funded primarily by wealthy individuals and philanthropists. If bad actors can access this data set, they can also target these individual donors in subsequent attacks.

Another factor is the geopolitical reach of these cyberattacks. Threat actors, specifically those that are state sponsored, might target these institutions to attack a nation’s cultural identity, such as its history, art, music and writing. Cultural institutions set the standard for combating misinformation and house original sources in their archives. By tampering with these materials, state actors can create mistrust or completely destroy a country’s cultural heritage.

Cultural institutions can also be vulnerable to attack because their infrastructure is outdated and complicated. The British Library published a detailed report into the causes of its attack and the lessons learned from the initial recovery. The report cited a reliance on legacy infrastructure that complicated compliance with modern security standards and lengthened recovery time when rebuilding the environment. Infrastructure vulnerabilities, with outdated systems and a complex network topology, allowed attackers wider access than more modern technologies would have.

The bad actors are smart and know that cultural institutions may not have cybersecurity teams that are as well funded to defend themselves against attacks. It is crucial that cultural institutions consider a layered security approach to enhance network security and minimize gaps across the network.

Layered Security Approach

Layered security is a cybersecurity strategy that uses multiple layers of security measures to protect assets within a system or network. This approach mitigates single points of failure throughout the network and gives companies a better chance of identifying and neutralizing cyberthreats before they cause damage.

Because cyberattacks are happening so frequently, it is critical that institutions deploy a proper, layered security stack that is proactive and maintains compliance. An organization should not rely on a single security tool for its security apparatus, as treating these solutions as “one-offs” can lead to exposure. Even Next-Generation firewalls can be breached and are insufficient on their own, as they are limited in the amount of intelligence they can enforce. Redundancy checks are a necessity and can protect your network on multiple levels.

threatER’s proactive approach is designed to block known threats at scale by aggregating tens of millions of known threats from cybersecurity threat intelligence feeds. As a layer 2 bump-in-the-wire, our patented IP filtering allows us to remove known bad traffic at line speed, without adding latency to your network. By blocking these threats through immediate risk mitigation, we reduce the burden on your firewall, allowing it to allocate resources more efficiently and focus on inspecting legitimate traffic for potential threats. We also decrease the number of packets to monitor in your SIEM and reduce the amount of activity your XDR or MDR solutions must monitor. Ultimately, we make your network more efficient and ensure that potential vulnerabilities are covered.