Marc Maiffret, CTO of eEye Digital Security of Aliso Viejo, Calif.
One of the biggest mistakes companies are making is not patching third party, non-Microsoft, software. Most patching tools and third-party products are inappropriately applying patches, and the result is that hackers are finding and exploiting these flaws.
Beyond antivirus, companies are not investing nearly enough in security on the desktop/endpoint side. Most of today's attacks are against client application vulnerabilities, but businesses still live in the old world of simply having antivirus on the desktop as the only solution. Standalone antivirus is dead. Attackers know this, but most businesses do not.