The recent rioting in London, and other major English cities, has taught us one thing if we ever wondered why we need CCTV cameras in our country.
The fact that the cameras were monitoring, recording and reporting back what was happening not only helped identify, and possibly help convict, some of the perpetrators of the looting which was going. It also helped alert police, fire and ambulance services – and management of businesses affected – where potential fraudulent or malicious activity could be heading for next unless the rioting was stopped.
Sometimes you don’t anticipate where, or when, trouble is going to happen. When it does happen, however, you need to have immediate alerting and reporting of what is happening so that you can take mitigating action – and see the perpetrators of the potential abuse – to limit the impact of the action.
Were the looters of the shops and offices aware that CCTV cameras were picking up there every move? Probably not. However, if they had been told in advance that monitoring controls would not only record what they were doing but also identify them as potential perpetrators of the crimes they were committing would they still have gone ahead and carried out the crimes? Possibly, but they would have been silly to do so if they thought that they would be caught.
Monitoring of data security is the exactly same. Think that your actions on data, or the security surrounding data, are not being recorded then you might think about committing a data breach. Know that there are CCTV cameras watching your actions on data then you might think again.
The perpetrators of the looting just highlighted why you need to have monitoring controls to capture evidence of certain aspects of “human nature”. It’s not to spy on everyone. In fact, it’s to vindicate the “good guys” and capture the “bad guys” so think of it that way.
Management of data breach cases over the last year take heed! Monitor for rogue insider activity and/or for cyber criminal activity, and for security vulnerabilities to your data. Security at the perimeter is no longer good enough, or deep enough, to protect your data.