Recently new exploits which target Microsoft browsers have wreaked havoc on more than one company including at least one of the big6 accounting firms. Companies have been forced to virtually shut down their systems to prevent hackers taking control of everything
from browsers, and computers to telephone systems. It certainly isn't pretty if you have thousands of workers unable to switch on their PC or make a phone call.
SQL injection attacks are loading the payload into hundreds of thousands of websites as you read this and any poor soul using MS browsers are likely to have trojans installed on their machine.
Anti-virus software will not protect you.
It's getting to the point where companies may have to start 'whitelisting' websites, rather than blacklisting bad ones, that list is just getting too big.
Our own website has been attacked (unsuccessfully) with ever growing frequency. Perhaps I've upset someone, but I doubt that we are experiencing anything too different from the rest of the websites out there - except for one particular very sophisticated
and potentially deadly attack which had not been seen in the wild except by a single other site. It doesn't really help to block IP addresses because these attacks often spoof a site in China, Taiwan or Russia. Short of blocking whole countries, it wouldn't
help and even then it is easy to use some poor unsuspecting user's computer in a zombie attack.
The big problem is that users don't have to do anything like open an attatchment or purposely download a file to be compromised.
Companies really have to evaluate whether it's worth a lost day for the corporation just to have access to random sites on the internet. It may make more sense to have sites vetted by the IT department before allowing users to visit them. The IT department
will have to use sandboxed computers to do the vetting and keep checking them as long as they allow their users to visit them. Spare a thought for those poor harried IT guys, it's not their fault.
The web is currently 'owned' by the bad guys and don't believe the snake oil salesman for a minute.
There is no 'keeping ahead of the fraudsters' we're all way behind, especially if we keep using poor methodology in internet and transaction systems.