Once again, I think this is an example of looking at the technology involved in a problem and then assuming it's a technological problem overall. I don't believe this is any different from any other form of theft, and the basic rules for policing that exist already should be applied here.

If you've got something worth protecting, you put a lock on it. The more important, the bigger the lock.

No matter how good your security, it has vulnerabilities, and you can't do anything after the fact if you don't know you've been hit. Therefore, monitor and audit.

If you don't tell people something's wrong, they have a get-out clause. Therefore publicise the rules.

If there's little personal risk involved, and the benefits are high, lots of people will have a go. Therefore redress the balance, both by making it likely they'll get caught and, once caught, that they'll suffer badly.

That's obviously not a comprehensive list, but it's exactly the same for protecting (for instance) the physical pounds, shillings and pence in a bank's vault as for the data in its databases. Implementing it involves lots of areas, not just one, and is a cultural thing, not a discrete topic.

I really wish we'd stop thinking of IT as a special case and inadvertantly suspend common sense as a result.