Security Pro to Companies: Assume You're Owned

23.04.2009
Major companies should assume the bad guys have already broken into their network, and are better off diverting some resources from attack prevention to ferreting out existing invasions, says one prominent security expert.

Ed Skoudis, a founder of InGuardians, a network security company, is frequently brought in to help identify the techniques used in successful attacks against business networks. In a talk at the ongoing RSA security conference where he described common and successful hacker techniques, such as one called "," he said that a determined attacker can almost always break into his or her target network.

And for that reason, he says, smart companies will divert some of the resources they currently devote towards preventing attacks to identifying existing break-ins and kicking out bad guys who may already be siphoning off credit card numbers or other valuable data.

Considering the spike in stolen data incidents reported by Verizon Business in its recent , which found that 90 percent of the theft involved organized crime groups, Skoudis may have a good point. The also says that criminals are often choosing valuable targets and then figuring out how to break in, as opposed to scanning for vulnerable networks and then stealing whatever might be available.

Skoudis says that even a 5 to 10 percent diversion from intrusion prevention budgets towards identification and elimination could pay large dividends. Crooks typically stick around once they've invaded a network and continue to steal data over a period of time, and early detection can help minimize the damage.

And what does that mean for the rest of us, who may not be responsible for network security at a large company? Joe Stewart, who researches malware for a living with SecureWorks, a business security company, may have put it best: