It’s a rough number, but I’d wager that 99 percent of computer security risk in most organizations can be attributed to two root causes: social engineering and unpatched software.
I’m not talking about pure numbers of success exploits, but overall impact. Many CISOs and threat intelligence analysts have told me that 100 percent of the biggest events at their company involved social engineering. Certainly, bad breaks enter your environment through other means, which is why we still need to secure our servers, encrypt our disks, and prevent physical intrusions. But in terms of the biggest impact, most organizations can tie those events to two root causes.
Source: Infoworld.com | Security