Unpatched client software and vulnerable Internet-facing web sites are the most serious cyber security risks for business. Lesser threats include operating system holes and a rising number of zero-day vulnerabilities, according to a new study.

A leading security education organization, the SANS Institute, has released a new report describing "The Top Cyber Security Risks." It may be read for free (no registration required). Here are its key findings, quoted from the executive summary:

Priority One: Client-side software that remains unpatched
"Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office.

More: http://pcworld.com/article/172082