It's not too surprising that the bad guys are reusing the same ol' tactics and technologies: Why come up with new ways to hack when the old ways work just fine? Organizations that want to make their environment significantly more secure should be doing the following better: patching systems regularly; creating and enforcing password policies; embracing configuration management; adopting a least-privilege strategy; and training end-users.
You don't need ultrasophisticated defenses. Defending against malicious intruders is not impossible, but you must concentrate on doing the basics better.
Improving some defenses requires global coordination, such as making it harder to carry out malicious deeds across the Internet. But even those issues haven't changed in 20 years. The only difference is that we now have the expertise and protocols to implement what we've needed all along to keep our systems safe -- but we don't. One day we will; unfortunately, it will happen only after we've allowed the cyber crime issue to harm far more people than necessary.
Until we make it globally harder for the bad people to do bad things across the Internet, your organization needs to better embrace the basics to keep your own systems safe. In the meantime, don't get caught up in the hype.
This story, "Why hackers don't need to be smart," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com.