Re: Numbers
Not really. Consider the number of employees at the Footsie 30 companies, and the number of front-facing departments with a need to interact with the outside world for this or that an average of only 35 per seems reasonable. Their intranets will have even more sites, and without a caretaker for the CMS versions, or a design methodology that centralizes the content, they can slip behind versions pretty quickly. And that leaves known holes open. Plus these may have lots of static content, so there's probably a very real "setup and forget" mentality and accompanying small budget. "Why would anyone break into our <online thing>? No one would, it's not a target, so we need take no action." And they do, so here we are again. Doing nothing about security is what most enterprises do best, and that's good sport for the malwarevians.