Role of File Analysis in Preventing Insider Threats

The number of data breaches caused by phishing attacks continues to grow. Among recent cases are college in San Francisco, school in Washington and international corporation.

At the City College of San Francisco, the information of about 7,500 students was compromised when an employee responded to a phishing email that was disguised as a legitimate request for student information.

Olympia School District in Washington has been affected by the problem as well. Using a phishing email, cyber intruders obtained the personal information of staff members employed during 2015. As a result, names, addresses, salary information, Social Security numbers, of about 2,100 employees, including 630 teachers, were acquired by unauthorized persons.

Finally, more than 13,000 Brunswick Corporation workers were victimized by a spear phishing scam that netted their W-2 information. A simple response by a Brunswick employee to what was thought to be a legitimate email from management requesting the W-2 information turned into a leak of names, Social Security numbers, 2015 earnings, and the withholding and deduction information of current and former full- and part-time workers.

These examples prove that it is absolutely necessary for IT security managers to use file analysis software to monitor and analyze data.

According to the Gartner Market Guide for File Analysis Software:

File analysis enables storage managers, legal and security professionals, and business analysts to understand and manage unstructured data stores to reduce costs and risk, increase efficiency of business-critical data, and make better information management decisions for unstructured data.”

The role of file analysis may be divided into two large sections: data security issues and file storage optimization.

Improve data security

  • Control access to business-critical data. File analysis reports should provide detailed information about excessive access rights and overexposed data. They might also indicate effective permissions and how they were granted, which allows IT teams to stay proactive and minimize the risk of insider threats and data exfiltration.
  • Prevent ransomware threats. More-comprehensive visibility into systems and data allows quicker detection of suspicious activities or of anomalous spikes of activity that may originate from ransomware. It also allows the deconstruction of the kill chain to mitigate the possible damage.
  • Enable user-behavior analytics. File analysis software enables anomaly detection, such as a suspiciously high number of reads, data tampering, and failed access attempts. The drill-down and cross-system capabilities allow the detailed investigation of security incidents across all IT systems.

Optimize file storage and reduce storage costs

  • Identify stale files. File analysis software shows duplicate, unused, and most-used files and empty folders. By knowing what files can be safely deleted, organizations can optimize storage use and related costs.
  • Engage data owners in the data governance process. The software indicates which data owners and users access and manipulate certain data the most often. This enables IT staff to engage users in the data governance process to increase its efficiency.