Backing up to stay ahead of hackers
- By Karen Epper Hoffman
- Oct 20, 2016
Like many smaller local police departments or government agencies, the Barnstable Police Department finds itself increasingly in the crosshairs of cybercrooks who would prey on its data dependence and limited IT resources to make it a ransomware target.
However, this 130-member law enforcement department with a one-person IT department hopes to get the drop on would-be bad actors by using new technology to more frequently and inexpensively copy and store its data to minimize the impact of increasingly frequent ransomware attacks. “Ransomware attacks have been around for a while, like many of these [online] threats,” said Craig Hurwitz, IT coordinator for the Barnstable Police Department. “But when they hit, you need to have a backup. You need to have that safety net.”
The Barnstable Police Department serves Hyannis, Mass., on Cape Cod -- a quaint seaside town known as a former home to the Kennedys and a current home to pop-star Taylor Swift. As a popular summer haunt, the area population can swell from less than 50,000 for most of the year to as much as four times that size between Memorial Day and Labor Day. And, despite limited resources for IT support, Hurwitz said he’s determined that the area should remain known more for its beaches than its breaches.
“We heard of a couple of [government] agencies in other parts of Massachusetts that were attacked using ransomware,” Hurwitz said, in reference to incidents where users had been locked out of systems or prevented from accessing their data. The bad actors charge a “ransom” to remove their malware and return control to the legitimate users.
Ransomware is currently the fastest-growing malware threat, with these type of online attacks increasing three-fold since last year, according to the Department of Justice. Many small government agencies have found themselves particularly at-risk because they typically lack the in-house skills and IT resources to avoid and mitigate the impact of these attacks. Hence, they more often and more readily pay the ransom to the criminals.
By frequently backing up files, potential victims can get the jump on these ransomware attacks, because having an up-to-date copy of data negates the need (in many cases) to pay the ransom. But, for many smaller operations, that option is not financially feasible. Hurwitz said that by working with storage technology vendor Reduxio Systems, the police department was able to revamp its own storage systems with a customized hardware-software solution that can back up files in real-time and can be accessed from anywhere -- even an employee’s iPhone.
Deployed in July, the new and improved back-up structure is primarily “tiered storage with built-in data protection,” according to Mike Grandinetti, Reduxio’s chief marketing and corporate strategy officer. Data storage, he said, is necessary (especially in this threat-prone time), but conventional approaches put “incredible burdens on IT to take snapshots of the data environment.” For a one-person IT shop in a department that is stretched past its usual capacity three months out of the year, the burden is even more daunting.
Backed by computing powerhouses Intel and Seagate Technology, Reduxio developed its combined hardware-software engine to radically compress data. It uses “peering” technology to find the optimal locations to direct data that is being stored based on how often the particular information or files will likely be accessed.
The system can direct the backed-up data to the cloud or to flash memory or less costly spinning disks, based on how the system has been trained to assign the different types of information it stores. So for example, files that need to be accessed more quickly or frequently might be stored on more easily accessible, but slightly more expensive, flash memory. Besides providing a more cost-effective approach, Grandinetti said, it “can also be used by [people] who are not hardcore command-line programmers.”
Moving from its outdated, traditional storage system to this new one has reduced recovery time from 35 hours to roughly 35 minutes, according to Hurwitz. And the system was within the small town’s means. “We were surprised,” Hurwitz said, “with all the system has, that we could afford it.”
That price tag and usability are important: Hurwitz said the Barnstable Police Department is one of the few on the Cape that even has an IT department. Most just have a police officer who is also assigned to manage systems.
Karen Epper Hoffman is a freelance writer based in the Seattle area.