Art as a mirror of the cybersecurity gaps exposing museums to attacks
Art as a mirror of the cybersecurity gaps exposing museums to attacks
Publish Date: 2026-04-03 01:05:00
Source Domain: www.escudodigital.com
The growing digitalisation of museums and cultural institutions has created new opportunities for cybercriminals. This is the warning issued in a report by IndraMind Cybersecurity, the cybersecurity unit of IndraMind (Indra Group), which examines the most common identity and access management failures in these organisations through the lens of iconic works of art.
The report notes that more than 1.8 billion credentials were stolen worldwide in the first half of 2025 alone, highlighting the scale of the problem. It also points to the rapid increase in machine identities –now reaching up to 83 for every human user– which adds complexity to access control and increases risk .
Weak passwords and poor practices
“The scream” by Edvard Munch is the first artwork used to illustrate one of the most persistent issues: poor password management.
Sharing credentials, reusing them or storing them in insecure locations can turn a simple oversight into a critical security breach. “When a user ‘shouts’ their credentials, they expose sensitive information that can compromise the entire organisation,” the report warns.
This type of failure can lead to unauthorised access, data theft or exposure, lateral movement within networks, malware infections and cyberattacks such as ransomware.
The impact is significant: more than 80% of data breaches are linked to compromised, weak or reused credentials.
To address this, the report recommends:
- Moving towards passwordless authentication models while strengthening password policies where they remain in use.
- Training staff in secure credential management practices.
- Regularly reviewing access rights and auditing credential usage.
The risk of third-party access
The second artwork referenced is “Liberty leading the people” by Eugène Delacroix, used to highlight the risks associated with third-party access.
Restorers, curators, maintenance companies and technology providers often require…
