As company networks have evolved and become more complex, so has logging. Devices and applications all over the network each pour out endless amounts of data, and those results and reports need to be interpreted into meaningful information. However, logging and monitoring are two different things.

If you can’t detect an issue, you can’t deal with it. Some of the largest data breaches that have occurred went on for months on end simply because they were not detected; Edward Snowden vs the NSA and the theft of credit card data for 70 million Target Corporation customers in 2013 are high-profile cases.

Only 51% of UK businesses surveyed reported that they monitor user activity or carry out regular health checks to identify cyber security risks.

Log management tools and Security Information and Event Management (SIEM) systems that provide correlation and intelligence are being implemented more widely, but tend to be used only in larger organisations. Smaller firms often have very little in place at all.

The UK Government’s ‘10 Steps to Cyber Security’ recommends that you develop a strategy around monitoring, implement continuous monitoring of all IT systems and networks, and finally analyse logs for signs of unusual activity. Don’t settle for “unknown unknowns”; Donald Rumsfeld didn’t.