Here's a nice piece of article on security. The article is just a summary, I suggest you follow the links in it and read the entire report for Symantec.

"Recently Symantec released their latest Symantec Internet Security Threat Report, and it is a document that all security pros ought to read. It's free (although you do have to register to get it), it's detailed, and it's full of data, information, and even some knowledge. Let's take a look at some of the more interesting data points in the document and see what we can gather from those.

And now we reach the crux of the matter. Given that (a) we have a new virus every hour, (b) an army of bots, (c) popular software increasingly used as an attack vector, and (d) the increasing involvement of organized crime in security attacks, then it's no surprise that the time we have to prepare for each new attack is small and getting smaller.

Six days between vulnerability and exploit. Who can prepare for that? How many vulnerablities are you watching? How many can you, or your team, watch? Automation is an answer - for instance, I was heartened to learn that a major anti-virus vendor now has its software default to checking for updates every four hours (just a few years ago, it checked every week) - but it's only one answer. I write a lot about ways to get your users - and the bean counters - involved in security. Now, more than ever, we're going to have to redouble those efforts."

Read Article