We are at the stage where it is no longer a question of if but when so what can we do to protect ourselves? Is it a question of buying the best hardware and software so we are fully supported with fixes from large companies who can afford to keep on top of threats? Part of that problem is that software vendors are still catching up and plugging holes in existing packages that we all use so we can’t be sure that this will work properly. So is the answer to surround yourself with protection such as firewalls and specialist software designed by people who only specialise in this sort of crime. Another problem is the people who work for us often have other priorities and don’t understand the threats they face, so bypass the protections you put in place. Maybe the answer is education, should we ensure our employees understand not to do this? Unfortunately, the most successfully crimes committed against business are socially engineered, making it incredibly difficult for training only approach to make sure our teams don’t slip up and give away the crown jewels.