More than half of all OpenSSL versions still remain vulnerable to the Heartbleed bug, according to the Cisco 2015 annual the security report.
Heartbleed, the dangerous security flaw, critically exposes OpenSSL.
Yet 56 per cent of all OpenSSLversions are older than 50 months and are therefore still vulnerable.
This is a strong indicator that security teams are not patching.
The report, which examines both threat intelligence and cybersecurity trends, reveals that organisations must adopt an 'all hands on deck' approach to defend against cyber attacks.
It found attackers had become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity.
It warned defenders, namely, security teams, to constantly improve their approach to protect their organisation from increasingly sophisticated cyber attack campaigns.
These issues are further complicated by the geopolitical motivations of the attackers and conflicting requirements imposed by local laws with respect to data sovereignty, data localisation and encryption, according to the report
It revealed a 280 per cent increase in Silverlight attacks along with a 250 per cent increase in spam and malvertising.
Snowshoe spam, which involves sending low volumes of spam from a large set of IP addresses to avoid detection, is also an emerging threat
However, Java exploits have decreased by 34 per cent, as Java security improves and adversaries move to embrace new attack vectors.
Users' careless behavior when using the Internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure.
In 2014, the pharmaceutical and chemical industry emerged as the number-one highest-risk vertical for web malware exposure.
This has led company executive to take not, with 91 per cent of respondents from companies with sophisticated security strongly agreeing that company executives considered security a high priority.
The report also found Widely used exploit kits were being quickly dismantled by security companies.
As a result, online criminals are using other less common kits to successfully carry out their tactics — a sustainable business model as it does not attract too much attention.
"We used to worry about DoS, now we also worry about data destruction," he said.
Sign up for CIO Asia eNewsletters.