Last month Hannah Murphy wrote a story in the Financial Times about how organizations are having to learn “how to negotiate with hackers.” The article was fascinating in a number of ways but especially in how ransomware attacks have become so common that we’re actually having conversations about how to talk to hackers.
Murphy’s article covered topics like how to determine “proof of life” for your data, but in a slightly more sophisticated way than the 2000-era movie with Meg Ryan and Russell Crowe. Not to besmirch the movie, it was a good flick. 
But it’s hard to believe we’ve reached a point where you need to know how to deal with the thieves that breach your networks and lock up all your data in exchange for currency that very few of us know how to access or use.
The article also introduced the idea of a cottage industry springing up of ransomware negotiators and the growth of ransomware insurance providers. It’s a nightmare scenario, especially for state and local governments. It seems a week doesn’t go by without another story of a small city being shut down by a ransomware attack.
State and city governments are particularly more vulnerable than businesses because they lack the money and resources to update their systems and data. City IT professionals have to receive budget approval from their city councils. And their teams are typically small and responsible for supporting almost every aspect of city services.
They’re also prone to falling behind the technology and IT compliance regulations as newer, younger IT certified professionals gravitate to corporations with higher salaries and benefits. As a result, patches may be delayed and backups systems go unchecked. Hackers know small cities are soft entry points with direct links into federal databanks.
Instead of making investments into IT, some city governments set aside funds to purchase cyber insurance and keep their fingers crossed they never have to use it. That seems like a budget-friendly approach except that using the insurance to pay ransoms doesn’t protect their reputations or prevent their residents’ data from being shared after the handoff is made. In addition, as global insurers begin to feel the pinch from paying out ransoms, they’ll be more selective about who they’ll cover. It’s like State Farm covering your 16-year-old driver after their second or third wreck.
According to an article in ProPublica, cyber insurance sold by domestic and foreign companies has grown into an estimated $7 billion to $8 billion-a-year market in the U.S. The average ransom payment is $36,295, according to Coveware, a firm that helps negotiate and facilitate cyber-ransom payments. And the average price for $1 million in liability insurance is $1,500 a year.
When looking at the numbers, it makes more sense to spend about the same or even a little less to build out a cloud backup system with subscription-based services paired with IT and compliance experts. iland works with hundreds of city governments around the world to move their data to the cloud and level the playing field against ransomware attackers to keep their data safe and operations up and running.
We have you covered in all three areas: backup, disaster recovery and infrastructure. iland Secure DRaaS enables IT workloads to be replicated from virtual or physical environments to a secure cloud infrastructure. iland’s Secure Cloud BaaS integrated with Veeam Cloud Connect technology offers an easy and cost-effective cloud solution for offsite backup and archives. And iland’s Infrastructure as a Service (IaaS) provides a self-service cloud infrastructure built on VMware vCloud and Cisco PoweredTM technology designed to support a variety of workloads, disaster recovery and compliance needs.
From San Jose, Calif. to Berlin, New Hampshire, we’re helping state and city governments leverage the cloud to protect their data and operations, which is so much easier than establishing proof of life or understanding bitcoin.
