Kidnapping a Library: How Ransomware Taught the British Library to Follow Well-Known Best Practices
Brian Myers
BSidesSF 2026 · Day 2 · AMC IMAX
In this compelling talk at BSides SF, independent information security contractor Brian Myers dissects the catastrophic ransomware attack that crippled the British Library in October 2023. Drawing primarily from the library's remarkably candid 18-page public report, Myers offers a detailed narrative of the incident, its profound consequences, and the critical lessons learned. The presentation serves not only as a technical post-mortem but also as a powerful cautionary tale, illustrating how even a major cultural institution with a degree of security awareness can be brought to its knees by fundamental security oversights and the complexities of managing legacy IT infrastructure.
AI review
Competent case study walk-through of the British Library ransomware incident, leaning almost entirely on the library's own public post-mortem report. Myers is an effective narrator and the source material is genuinely good — the library's transparency produced one of the more honest breach disclosures in recent memory — but the talk doesn't add much analytical layer on top of it. Useful for practitioners who haven't read the report; redundant for those who have.