A few days ago I became the innocent victim of a "blended threat" attack when a Volkswagen Golf and a Hyundai Getz joined together and rammed my two-week-old car sitting in front of my house. Of course, as with all blended attacks, it was impossible to foresee that the idiot in the Golf would drive 70 mph in a 30, and that my neighbor would decide to turn right into her driveway just in front of him. The result was that they blended together, targeting my car.

Worse was to follow when the fire department arrived and decided that the only way to get the neighbor -- who wasn't seriously hurt apart from the wallop from the airbag -- was to cut the roof of her car. Of course, size 16 boots and cutting gear didn't enhance the appearance of my pride and joy. If only I had parked in the driveway...

Now some of you might be wondering what on earth I'm talking about. What is a blended threat? According to the AV folks, it's "an attack combining a number of traditional attack methods, like a worm, a Trojan horse, and a keylogger." Like myself this information may not make you any the wiser, but it certainly sounds impressive. But the question is, how susceptible are we to blended threats, and are these the threats we really need to worry about?

Today, everybody including your grandmother is using the Internet. The vast majority of users live in a state of paranoia that everyone from Bin Laden to the tax man is attacking their PC every time they connect. However, you would have to be increasingly unlucky (or parked in the wrong place) to fall victim to this, especially in the corporate world. Your IT security team has probably seen to it that you have every form of defense known to man on your infrastructure. In fact your PC is probably so well protected you can't even use it. And yet there is hardly a day that goes by that someone doesn't fall victim to another form of blended threat. While your IT security team is focused on perimeter security and extending that perimeter to the end point, they have forgotten what they're supposed to be protecting. They also seem to forget that the money to pay for frequently useless IT toys has to come from the business.