Traditional IT security is buckling and breaking under increasingly sophisticated, high-quality malware attacks, says James Lyne, senior technologist at security firm Sophos.
"Cybercriminals have embraced cloud computing and have unbelievable processing power at their fingertips," he told the IDC Security Conference 2010 in London.
Sophos is detecting an infected website ever 2.31 seconds and 60,000 new pieces of malicious code a day, up from just 5,000 in 2009.
Cybercrime is a wonderful business that has become highly organised, with organisations selling each other tools and services, said Lyne.
"There are even services which cybercriminals can use to benchmark the effectiveness of their attacks and get tips and advice on how to make them better," he said.
Malicious code is being developed and deployed by highly skilled and intelligent criminals to gain access to all corporate systems, including those running on the Linux operating system, said Lyne.
In light of this, businesses, organisations and the security industry need to change the way they think about security.
"We need to move away from the traditional focus on content because cybercriminals are able to change that content too quickly," said Lyne.
He believes security must make greater use of reputation and behaviour to have any chance of being effective and deployment of controls will shift towards endpoint devices.
But, said Lyne, although traditional security is no longer effective and has generally become too complex for businesses to deploy, a simple return to best practices can bring immediate benefit.
Significant improvements can be achieved, he said, if all users band together to follow simple best practices while businesses update to more effective technologies and processes.