One of the seemingly simplest ways to lower the ROI of attackers is to keep software up to date. Sophos Labs reported recently that, "91% of the booby trapped documents in our reports from January and February 2014 would have been rendered harmless by just two Microsoft patches, issued two and four years ago."
Experts are unanimous in saying enterprises need to install patches promptly. But Botezatu said it is not always as simple for them as it is for the individual downloading a fix to a laptop.
"Enterprises are known for their slow patching cycle," he said, "but this is mostly because they have to take the machines out of production, which means downtime and, implicitly, money loss.
"Another reason for not upgrading is that some applications custom-made for a company only work on specific configuration, such as Internet Explorer 6. An update would break the tools and rewriting these could be too costly for the company."
In general, however, the consensus is that basic but rigorous security measures will keep an enterprise ahead of the pack. "Organizations now have to focus more on restricting access to raise the bar," said Yo Delmar, vice president of MetricStream.
"That means a well-thought-out defense and in-depth strategy with continuous monitoring."
Coffman recommends having an outside company, "regularly scan for 'open doors' in your network that make you an easy target for the majority of potential data thieves that are just using inexpensive tools to troll for the slowest gazelle in the herd."