Security has always been something of an afterthought, especially in small business environments where just getting systems up and running is more than challenging enough. The solution to that vexing problem has been to bundle security software directly into the operating system. But the problem with that approach is the security software that usually gets bundled into the operating system is rarely best in class.

The nature of the IT security job within most organizations is going through a subtle, yet critically important, transformation. Instead of trying to prevent things from happening that might jeopardize the security of the organization, security professionals are increasingly being charged with finding a secure way to allow thing to actually happen.

One of the things that is generally assumed about IT security is that the bad guys are making use of some massive amount of IT infrastructure they invested in to send malware. In reality, a report from Agari, a provider of an anti-phishing cloud security service, suggests that real primary source of all that malware out there is systems that have been compromised.

Back in the Dark Ages marauders would routinely raid various principalities and carry off everything that wasn’t nailed down. Acting either independently or under the auspices of one warlord or another, these raiders pretty much acted with impunity. Fast forward to 2012 and it’s a wonder how little progress has been made stopping “digital” raids in these more modern times.

Most security experts will tell you that identifying cyber criminals takes a lot of hard work, luck and a fair amount of time and patience. This is because cybercriminals operating across multiple countries are not only difficult to track; no one can be certain who is acting on behalf of what organization.