Manufacturing Executive

Security in an Insecure World

A new wave of data breaches across the cyber landscape should hammer home a simple message: IT security should top the list of business priorities in the next few years.

Consider just two stories from the past two weeks. Heartland, a payment processor for the likes of Visa and MasterCard, reported on Inauguration Day that its systems had been breached in 2008, revealing to hackers an indeterminate amount of credit card numbers and cardholder names.

In Heartland’s own words:

“Last week, malicious software was discovered that potentially enabled data to be compromised as it crossed Heartland’s network.” The company’s explanation: “We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice.”

Payments processors are among the obvious targets, with the most to lose and the most valuable data for cybercriminals to gain. But what happens when these companies react by implementing vigorous security measures (Heartland, for instance, says it is acting swiftly to encrypt data)? The hackers will look to second-tier data sources, where valuable information is still vulnerable.

Monster.com found this out the hard way when its network was hit last week with what reports are calling a major attack. A Monster.com spokesperson quoted in a Bloomberg report said “contact and account data was taken, including user IDs, passwords, e-mail addresses, names, phone numbers and some basic demographic data” of Monster users.

These are just the latest in a long line of ominous warning signs. Companies of every stripe (even those that don’t conduct transactions over the web) must watch out. If your IT system is incident-free, it behooves you to ask whether that’s because you have enacted the right protective measures — or because you haven’t really been tested.

On a related note, there’s a new certification available that seems well-suited to this new environment we’re all struggling to navigate. While it doesn’t make for a good acronym, the Certified Secure Software Lifecycle Professional certification from (ISC)2 could well raise the stature of security among business and IT leaders. (ISC)2, a global, not-for-profit group that specializes in “educating and certifying information security professionals throughout their careers,” has cast a wide net, encouraging certification for “the software developers, engineers and architects, project managers, software QA, QA testers, business analysts, and the professionals who manage these stakeholders.”

My fear is that businesses will take a “good enough” approach to IT security, right up to the point when it’s too late. Think back to the wake of Hurricane Katrina, when businesses everywhere dusted off their disaster preparedness plans and made necessary improvements. Think of Heartland, Monster.com, the U.S. Veterans Administration, TJX Corp. — the list goes on; see the sordid chronology here — as your wake-up call.

Unlike the risk associated with hurricanes, there’s no geography to a web-connected world, there’s only opportunity. Your data is someone else’s opportunity, unless you shut the gate.

(For some actionable information on IT security, check out this Forbes article.)

—Chris Chiappinelli, Editor, ManagingAutomation.com


This entry was posted in The Edge Blog.