Think digital, not analog, when it comes to risk

28.11.2008

"It's the same principle that you leave the lights on, the door locked in your neighbourhood," said O'Higgins, "because the house that's in the dark and the door is unlocked is going to get broken into first."

But while enterprises may have resources to assign a dedicated individual to ensuring perimeter security, they aren't exactly out of the woods, said Turner. Enterprises, too, must perform risk analysis, identify where confidential data resides, and protect and back up that data, he said, "because they should know that attackers are going to be targeting them if they can."

The corporate arena isn't the only target for cybercriminals. Employees have home PCs which also factor into an enterprise security strategy, said Turner, adding that a "good proportion" of today's malicious code and attacks are installed while browsing the Web. Therefore, enterprises must introduce policies regarding social network sites and using home PCs for work, for instance. "What if they picked up a keystroke login Trojan off their home system and brought that back into the enterprise network [on a USB key]?" said Turner.

"There is so much money at stake in the underground economy," said Turner, adding that a specific cross-site scripting vulnerability for a financial Web site, for instance, is potentially worth thousands of dollars for a hacker who wants to include the code in an attack tool kit.

Actually, Turner refers to the Underground Economy as a "self-sustaining economy" where "everything you need to be successful and drive and support the economy is contained and is for sale."