Five years ago, cyber criminals were generally individual IT experts who had turned to crime. Today, they're professional criminals turning to the internet, hiring the IT talent that they need.
That's the key shift in the information security threat landscape, according to Kaspersky Lab analyst Evgeny ("Eugene") Aseev, who heads the company's China antivirus lab.
"Now the real serious guys, the real cybercrime gangs, that may be governments or serious organisations are just moving to IT instead of, like, making war or something else," Aseev told this week's Patch Monday podcast.
Attackers are now more professional, and attacks more complex. It's a message that we've also heard from McAfee's Dmitri Alperovitch and critical infrastructure security expert Eric Byres, amongst others.
Businesses must therefore pay attention to every little detail to ensure the now more-patient attackers don't find their way in — as they did in the Operation Aurora attacks against Google, Adobe, Rackspace, Juniper Networks and others, as well as more recent attacks, like those on HBGary Federal and RSA.
"There is no one recipe [to] protect from this type of targeted attacks ... The attack is more individual," Aseev said. "Everybody is aware of these things, but now is the time for starting to [pay] attention to these things."
We also hear from Aseev's colleague Nathan Wang, vice president in charge of Kaspersky Lab's technical divisions in Asia Pacific. He fears a repeat attack as complex as Stuxnet, and emphasises the need for a bit more stick when it comes to enforcing security policies.
Patch Monday also includes my usual look at some of last week's news headlines.
To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.
Running time: 30 minutes, 27 seconds
Stilgherrian travelled to Kuala Lumpur as a guest of Kaspersky Lab.