The answer, sad to say, is all of the above. These attacks, and thousands like them, demonstrate that building a secure perimeter around our computer systems is no longer enough. Firewalls, intrusion detection software, and anti-virus programs are all important, but no matter how robust a perimeter they may create, malicious hackers can and will break through. What we really need is a new approach to designing the systems we want to protect, an approach that can make those systems inherently tamper resistant and capable of surviving assaults. Otherwise, we are simply erecting concrete barriers around a house of cards.
The need for such an approach has been made all the more urgent by a major shift in cyber crime. Yesterday, hackers cracked systems for thrills and notoriety; today, they do it for profit. Its become a full-time job, staffed by dedicated professionals.
Read this article from ZDNet