Earlier this year, Computing published an in-depth analysis of the challenges for protecting the UK's critical national infrastructure (CNI) - such as banks, energy companies and key government departments - against cyber attacks (Computing, 21 April).

This week we report a warning from the National Infrastructure Security Co-ordination Centre (NISCC) of a concerted attack on the CNI, which reinforces the reality of this threat.

Online crime is getting smarter - in this case key organisations and individuals are targeted, rather than the scattergun approach common in the past.

Of course, the response from all computer users must be to get smarter still. But the warning from NISCC also shows that the most important defence is diligence. The centre's recommendations contained no radically new strategies for combating online attacks, just a reiteration of the basic, common-sense importance of anti-virus, regular patching and updating of software, and educating users to be wary of suspicious emails and attachments.

The most successful cyber crime still relies on a lack of vigilance from its targets - the technical equivalent of a front door left ajar, or a dodgy salesman invited into the house.

The head of the National Hi-Tech Crime Unit says computer crime fighting needs to become just another standard capability for everyone in the police. Similarly, IT security needs to be part of the standard training and skillset for everyone in IT.

Our Skills Roadmap programme, launched this week, highlights how technology professionals at all levels need to develop and enhance their skills as IT becomes much more business-focused. Security is one of the abilities that needs to be made a fundamental part of every individual's personal development and every organisation's business processes.

The focus on IT security will not go away. But unless it becomes a natural part of IT management, neither will the criminals.