One of my clients was recently hit (again) by the Conficker worm. The company's systems were all fully patched, yet the malware still managed to infiltrate hundreds of machines. It was evident that the worm was able to spread rapidly via a network share vector. But the real question remains: How did the worm infiltrate the network in the first place, given that all the systems were patched?
This scenario perfectly illustrates the importance of root-cause analysis -- that is, determining how your company can be most successfully attacked by malware and malicious hackers. While there's no single, general recipe for achieving this goal -- that requires a full security review of your particular environment -- you need to perform a dollar-wise risk assessment, starting with a root-cause analysis.