The vulnerability of government, business and individuals to cyber attack was demonstrated when a botnet hijacked 1.9 million computers.
International authorities are hunting six members of the cybergang that bypassed 90% of antivirus products to build one of the largest known botnets in just two months.
The gang's ability to set up such a big botnet in such a short period of time shows just how vulnerable organisations are to this type of attack, he says.
The botnet infiltrated 77 government departments and hundreds of large corporations, including six local government departments and 500 companies in the UK.
The cybercriminals were able to infect computers through legitimate websites with malware designed to take advantage of security vulnerabilities in a range of browsers.
Ken Munro, director of the penetration testing division at NCC Group, says most organisations neglect desktop computer security on their networks.
"Security patching of internet-facing servers is usually good, but that is definitely not the case when it comes to the rest of the network in most organisations," he says.
Organisations should ensure that security patches on every computer on their network are up to date to minimise the risk, says Munro.
Ben-Itzhak and Munro agree that traditional defences such as firewalls and anti-virus are no longer enough, and that organisations need a multi-layered approach to security.
This involves combining web security, data leakage prevention and URL filtering to strengthen the network perimeter as well as ensuring the internal network is secure.