Microsoft released their bi-annual Security Intelligence Report. This is a detailed analysis of the current state of malware and infection propagation methods on the Internet. Sources of data include Microsoft's Malicious Software Removal Tool (MSRT), which runs and analyzes over 600 million computers every month. Their key finding? The human is the number one propagation method. Eliminate the human element and you eliminate almost half of system infections (actually if you consider USB drives as part of human propagation is over 70%). Zero-day exploits? Less than 1%. As a result, one of Microsoft's top recommendations is
"Information security awareness and training are critical for any organization's information security strategy and for supporting security operations.In many scenarios, people are an organization's last line of defense against threats such as malicious code, disgruntled employees, and malicious third parties. It is therefore important to educate workers on what your organization considers appropriate security-conscious behavior, and on the security best practices they need to incorporate in their daily business activities. "
You can download the detailed Security Intelligence Report from Microsoft here.