Smaller governments, education institutions and businesses are fueling terrorism by caving to ransomware demands. No news here. The crooks are in safe havens like Russia and North Korea. They penetrate computer systems, steal confidential information, and plant malware that makes the computer systems unusable until a ransom in bitcoin is paid. This activity has been around for years and it’s getting worse.(1)
The actual ransom payment is a small part of the damage these attacks cause.(2) The estimated average payment per attack is $6,500, but the estimated damage is $380,000 (US). That’s the cost in downtime and money spent on consultants to rebuild data and software. For a small town, school district or business, that’s a budget-breaker.
The truth is that most smaller communities can’t afford the technical expertise and software to fend off these attacks. They depend on their small size to keep them off the attackers’ radar screens, and when that fails, their recourse is taxpayer bailouts or bankruptcy. Unfortunately, most politicians are reactive. They won’t spend modest sums to prevent problems. Instead they prefer to spend fortunes on band-aid repairs after the problems happen. We saw that with Trump on COVID and Texas with the storm damage to the power system. Don’t do what you need to do and then throw mountains of taxpayer money at the inevitable result. Many entrepreneurs think the same way.
Medium-size and smaller towns and businesses also can’t afford and in most cases don’t have hot backups — sites at protected locations mirroring their main datacenter and able to take over operations when the primary center is disrupted. If you want to make the IT guy in a small town break up in hysterical laughter, raise that idea. The lack of hot backups is what drives recovery costs through the roof.
Logic dictates that it’s time for a return to the computer architecture of the 1960s: the consolidation of data processing into larger fortresses run by entities that can afford the security measures required. Some businesses and communities are already doing this through the Software-as-a-Service (SaaS) model, using PCs as dumb terminals to access remote computer services. (That’s straight out of the Digital Equipment and Wang playbooks from 1965.) Others need to do this. Arguably no community of less than 1,000,000 should have its own data center.
In the US, that could mean one auto licensing application managed at the Federal level with every state using it, or one property tax software application for each state, and every county and city in that state using it. Software makers may hate this idea. Just think: you can’t sell a product 256 times in Texas or 121 times in Kentucky (once to each county in the state); instead you just sell it once to the state.
And yes, big data fortresses have hot backups.
Personally, I know of one and only one smaller company private data fortress, the very pinnacle of the art of building a quality data operation —
- Over 100,000 users
- Never hacked
- Downtime averaging less than 1 minute per year over the last decade
- Real-time any language to any language literary-quality translations. Japanese to Urdu, no problem.
And no, I will not name them here. Nor am I connected to them. I am just in awe. They are the ideal to which Google, Amazon and Microsoft can aspire, and most small entities don’t know how to achieve. Except they were once a small start-up themselves, run by people both passionate and very, very smart. Highly justified awe.