Most security experts will tell you that identifying cyber criminals takes a lot of hard work, luck and a fair amount of time and patience. This is because cybercriminals operating across multiple countries are not only difficult to track; no one can be certain who is acting on behalf of what organization.

With each passing day it’s becoming clear that law enforcement organizations are gaining more insight into the cybercriminal community.

One of the simplest and most effective attacks many cybercriminals like to rely on is DNS cache poisoning. Because the original Domain Name System (DNS) that powers the Internet wasn’t created with security issues in mind, cybercriminals have found it relatively easy to hijack DNS servers.

The one area most companies find themselves vulnerable in terms of IT security attacks invariably involves the applications they expose on the Web. It’s only natural because external-facing Web applications are the corporate assets that are most accessible to hackers.

Conventional security wisdom holds that the distributors of malware leverage massive amounts of botnet infrastructure to deliver their payloads. While historically that has been true, these days the sheer size of those botnets is making it easier to discover those botnets, predict what attacks are building on those botnets, and ultimately apprehend the cybercriminals who built them.

Although there is a lot of focus these days on data breaches that result from the activities of cyber-criminals and other digital miscreants, in truth the majority of data breaches are caused by simple negligence.

More often than not being in charge of managing security can be a thankless task. After all, the only time anybody has reason to really notice the IT security team is when something goes wrong. All the instances when the company was successfully defended by the IT security team were a non-event to the rest of the company. It’s only when there is a breach that anyone begins to question the company’s IT strategy and the people responsible for it.

Now that one of the favorite tactics being used by cybercriminals to cripple antivirus software to diverting traffic away from local DNS servers has been disclosed thanks to the Federal Bureau of Investigation and Trend Micro, the next logical question is, What do IT organizations need to do to protect themselves?

IT organizations can take some comfort in the recent arrest of the alleged masterminds behind the one of the largest know cybercriminal networks. But given the nature of cybercrime, it’s only a matter of time before some other organizations emerge to fill the void left by a network that consisted of more than 4,000 bots.

It seems as though USB drives are everywhere. Go into the office and chances are there are hundreds of them lying around like so many paper clips. People tend to use them randomly, so no one is quite sure what sensitive files might be on a particular drive. Of course, chances are high that they have no idea where that drive is, either.