What can a trained security specialist provide; as much as your organization needs?
The Google attack, often called Aurora, offers many lessons.
It's a new world, one that we must alert our organizations to. The attackers targetted people based on their Linked-In and other profiles. They performed attacks against those privileged people's trusted friends, so as to fool executives, the true target, into clicking those links or installing those binaries.
And all of this seemed to be done with military-like precision.
We all need to find the counter-espionage expertise that is lacking in most security pro's, me included. Organizations of any size and importance will need to hire or rent people with a background in intelligence work. Stand-offish organizations must create the relationships with governmental agencies they once shunned.
And we in the security field must own up to our profession's inadequacies. Need information on password improvements? I'm yer guy. Need someone to help determine if those emails sent to a C-level manager foretell a greater attack against your systems, by a well funded quasi-governmental group? You need to work with intelligence professionals.
As you ponder what to do, what to recommend to your organization, now would be a great time to re-read Winn Schwartau's seminal book, Information Warfare. He certainly anticipated today's business environment very well.
Winn, I wish you had been wrong.