Where do the problems come from?
These days, it's a given that there are dishonest people in the world. People have to lock their front doors. The practical question is: how are dishonest people able to violate security? There are three main causes:
To illustrate these, perhaps it's best to step away from the IT world and think of someone trying to break into your house in the real world:
One lesson from these scenarios is that there will always be weak spots; perfect security is impossible to achieve. What we can strive for is making common attacks difficult enough that it's not worthwhile for people to attempt them.
Why are computers such a problem?
One aspect of this is the ability to conduct computer crime on large scales. Fraudsters can target millions of people in an automated fashion; this would be impossible on the phone or in the real world. Attacks can also be conducted remotely and anonymously, at less personal risk to the perpetrator. There's also a large exposure in that many aspects of day-to-day life can be conducted by computer.
The other aspect is a question of maturity. Go back ten to fifteen years and most cars had technical vulnerabilities; for example, it was possible to "hot wire" cars to start them without the key. Nowadays, most cars are virtually impossible to start without the key - the technical vulnerability has been fixed. Computers still have a lot of technical vulnerabilities, although the situation is starting to improve.
There is also a question of maturity in terms of people. Many people who are savvy in the real world are not used to doing business online and are susceptible to being tricked in the online world, in ways that they wouldn't be in the real world.
What are the main threats?
The most serious problem at the moment is large-scale monetary theft, achieved by targeting large numbers of normal people for fraud and identity theft. An underground service-based economy exists, where people specialise in a particular aspect of the theft, and much of the proceeds go to organised crime groups. These are the people behind the "phishing" emails that ask you to confirm your bank details, and many other attacks.
There are many other potential concerns, although not occurring with the same frequency, for example:
Why can't the police fix this?
Law enforcement is part of the solution, but just because stealing is illegal doesn't mean you can leave your front door unlocked.
Cyber crime presents particular challenges to policing models. The skills to police the Internet are not readily available. Traditional laws may not apply in the online world (can you steal 1s and 0s?) and computer laws struggle to remain current. There are often jurisdictional problems, when someone launches a hack across a national boundary, especially as there are countries which have no laws against hacking.
What can we do about this?
In the short term, taking some reasonable precautions can significantly reduce the risk of being a victim. Both individuals and organisations will have to invest some effort in this, and refrain from particularly risky activities, but the impact does not need to be significant.
In the longer term, I'm hopeful technical vulnerabilities will come under control, and people will learn to be savvy in the online world, just like the real world. Information security will never go away completely, but it will stop being such a pressing concern.