An article on Threatpost makes a compelling point: despite the amount of press lavished upon attacks like Stuxnet or Aurora, most companies don’t need to be worried about the latest and greatest targeted attacks. They need to worry about the basics – SQL injection attacks, phishing, social engineering, and other “boring” threats.
For the vast majority of companies, especially ones outside of the Fortune 100, there is simply no present threat from something like Aurora. Complex, expensive security infrastructures aren’t what you need. You need properly hardened servers, trained employees, and developers who know how to write secure application code.