My summary from the report:
- Desktop applications and web browser plugins are target and biggest threat as they are not patched as frequently as underlying OS or browser.
- IT departments aim their efforts on IS patches more than application patches
- Conficker is still main (90%) source of attacks on Windows operating systems.
- Zero day vulnerabilities are on the rise, the ease of finding new ones increases.
The paper also includes real life example of the attack that cost one company 200MB of sensitive data.
I also like the linked paper discussing 20 critical security controls for effective cyber defence that every company should concentrate on.