Hodges: Security Must Learn To Break The Rules
By Lawrence M. Walsh, ChannelWeb
10:17 AM EDT Mon. May. 14, 2007
A Russian software engineer gets two job offers. One position is at a reputable security software company at a reasonable, market-rate salary; the other is from an anonymous employer at nearly twice his peers' pay. He takes the shadowy offer because the money is great and the work is interesting: the business of hacking.
The competition among solution providers, vendors and end users for IT talent has evolved to include organized hacker organizations that look and act like businesses, says Websense CEO Gene Hodges.
"I don't think the industry has ever had the balance of economics in new talent going the wrong way," says Hodges in an interview with VARBusiness. "If I were on the dark side, my talent economics would be in good shape and I would run my black hat operations like a security company."
Hodges may be right. Organized hacker gangs are nothing new. When Onel de Guzman unleashed the LoveLetter in 2000, the virus was little more than a weapon in a crude hacker-gang war. Hackers operated in a world of mediocrity -- their standing among peers was based entirely on the strength of their exploits and the attention (often through damage) they garnered. The model rapidly evolved by the middle of the decade, when hackers and criminal syndicates figured out there was more to hacking than bragging rights and started organizing attacks, spam distribution and phishing expeditions.
The next phase of the digital underground's evolution, says Hodges, is to truly act more like a virtual business -- with all the power of a legitimate business's planning and organization, but with the benefit of being able to evaporate at a moment's notice if law enforcement heat gets too high.
These new hacker organizations, according to Hodges, are well-planned, managed and executed. Organizers, or hackers, are approaching attacks like businesses. Rather than simply targeting low-hanging vulnerabilities and breaking into corporate networks, the next generation is far more methodical. They target specific systems within organizations -- not because they're vulnerable, but because they have the highest ROI.
What makes these new groups dangerous, Hodges says, is their agility and their ability to tap the same or better IT talent than vendors, solution providers or end users can recruit. Think about it: a hacker group can recruit highly trained computer programmers and engineers from around the world, have them operate in a loosely federated network, launch sophisticated attacks and then walk away like a ghost in the wind with millions of dollars under their digital arms.
"This is going to make more money than running drugs from South America on speed boats and it's a hell of a lot less risky," Hodges says.
What does the security industry need to counter this next wave of threats? Hodges says agility. None of the major security vendors, including his company, are agile enough to identify new threats and bring countermeasures to market fast enough to make them effective. The reason, he says, is that under the current business model management has more concern for the bottom line than for research that leads to beneficial security protection. And the major vendors adhere too closely to their own bureaucratic structures, which typically slow innovation.
"We've gotten big and fat, and we can't compete against faster threats," Hodges says. "We need to get innovative and be willing to break the rules."
Breaking the rules is something from which a few companies have derived tremendous success. Texas Instruments, for example, has a detached group called the "Lunatic Fringe," whose sole job is to investigate ideas and innovate technologies without concern for ROI or P&Ls. Xerox's Palo Alto Research Center was once a center of pure IT research that gave the world such innovations as the graphical user interface and the mouse.
Hodges believes the security industry needs to develop fringe groups that act as freelancers and operate outside the corporate bureaucracy. These groups must push the boundaries of technology, threat assessment and organization to understand emerging threats and quickly develop countermeasures. And, most of all, vendors, solution providers and defenders of all colors must learn to share information more equitably and liberally, since only then will security pros know about new threats and how to defeat them.
"It's time to innovate and get agile and be willing to break your own rules," Hodges says.
Are you seeing a shift in hacker organizations and sophistication of attacks? Do you think you're up against a new breed of more educated and skilled hacker? Do you think the security industry is too slow to defend against attacks? Share your thoughts with me and the rest of the world.
Channel 2.0: The Second Life Experience
Don't forget to join me for my first virtual channel town hall in Second Life, May 15, at noon ET. Hosted by Cisco Systems, the discussion in this 3D world will focus on how the channel is evolving, what the new paths to market are for solution providers and alternative mediums for finding and interacting with customers.
For those already registered on Second Life, just click here to be teleported to the event. For those new to Second Life, go to www.secondlife.com to register and download the client software.