Organizations are making it easy for attackers to gain access, McAfee said. Remote access systems, a favorite target of attackers, are often left open or protected with weak and default passwords. A recent study conducted by Boston-based vulnerability management vendor Rapid7 found millions of devices connected to the Internet and open to probing. They also contain common vulnerabilities that can be easily exploited. Web application vulnerabilities are also a common pathway into organizations. SaaS-based Web application scanning is available. A Web application firewall that is properly configured and maintained can also help organizations apply a virtual patch while coding errors are fixed.