Toby Weir-Jones, British Telecom's vice president of product strategy for managed security solutions, can tick off the problems inherent in trying to protect corporate data.

"The notion of a single front door is gone," Weir-Jones says. "You've got wide-area networks, multiprotocol label switching, virtual private networks, extranets with partner connections, super-important customers who get to come into a different piece of the infrastructure. There's not really a single ingress point anymore. You also have to assume that malware will be present on your network. You don't try to guarantee that it won't get in."


But that doesn't mean he's giving up.

Instead of trying to build a digital Chinese wall around a company, security experts are figuring out where the valuable data or intellectual property is stored, then building rings of access around that data in a manner that resembles the Pentagon. The inner ring is the most secure, while everyone can still do work with limited access in the outer rings. The more people with access to the system and the more things going on, the more intricately you need to set up those rings. All data is encrypted, and access to the most valued secrets may be on a one-time basis with a password that works for one hour--and it may require three sign-offs from top executives to make it happen.


"The new way is to secure as close to your crown jewels as possible," says Richard Isenberg, director of security at CheckFree (Nasdaq: CKFR). "You build outward from that. There's a lot more focus on internal security, too. Suppose someone is onsite and has bad intentions. The fear among financial companies is mass export of data. One database could contain millions of social security numbers matched with names and addresses, which could lead to a theft of millions of dollars."

Banks have been particularly forward-thinking when it comes to security. When you log in to an online account, the bank uses a pattern-recognition database to determine what Internet Protocol address you are using, what operating system the computer runs and what the resolution of its monitor is--and compares that information to past history.
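The login comparison described above can be sketched as follows. This is an added example, not code from the article or from any bank's system; the field names, the /24 and /64 address grouping, and the allow / step_up / hold policy are all assumptions made for illustration.

```python
import ipaddress

FIELDS = ("network", "os", "resolution")

# Constructed sample history for one customer (documentation address ranges).
HISTORY = [
    {"ip": "203.0.113.10", "os": "Windows", "resolution": "1920x1080"},
    {"ip": "203.0.113.57", "os": "Windows", "resolution": "1920x1080"},
    {"ip": "198.51.100.7", "os": "macOS", "resolution": "1440x900"},
]

def fingerprint(login):
    """Reduce a login to the tuple (network, os, resolution)."""
    addr = ipaddress.ip_address(login["ip"])
    # Assumption: group addresses by /24 (IPv4) or /64 (IPv6) so that
    # ordinary address churn inside one network is not treated as new.
    prefix = 24 if addr.version == 4 else 64
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return (str(network), login["os"].lower(), login["resolution"])

def assess(history, login):
    """Return (decision, changed_fields) for a login against past logins."""
    past = [fingerprint(h) for h in history]
    if not past:
        return "step_up", list(FIELDS)  # no baseline to compare against yet
    current = fingerprint(login)
    if current in past:
        return "allow", []
    changed = [name for i, name in enumerate(FIELDS)
               if current[i] not in {p[i] for p in past}]
    # Assumed policy: every attribute new -> hold for review; otherwise ask
    # for extra verification. An empty list here means each value is familiar
    # but this combination has never been seen together.
    decision = "hold" if len(changed) == len(FIELDS) else "step_up"
    return decision, changed

if __name__ == "__main__":
    attempts = [
        {"ip": "203.0.113.200", "os": "Windows", "resolution": "1920x1080"},
        {"ip": "198.51.100.9", "os": "Windows", "resolution": "1920x1080"},
        {"ip": "192.0.2.44", "os": "Linux", "resolution": "1366x768"},
    ]
    for attempt in attempts:
        print(attempt["ip"], assess(HISTORY, attempt))
```

The second attempt shows why the whole tuple is compared as well as each attribute: every value has been seen before, but never together on one device.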




Posted by CEOinIRVINE