It is good to review this Annual report:
http://www.cisco.com/web/offers/pdfs/cisco-asr-2015.pdf (may have to fill out some information to get it)
1) 1% of all high urgency CVE (Common vulnerabilities and Exposure) were actively exploited.
This means organizations must prioritize and patch high urgency vulnerabilities.
2) Since Blackhole exploit kit in 2013, it has not been topped by a newer better one.
3) Java exploits decreased by 34% (go to easier attack vectors?)
5) Spam volume increased by 250% from january 2014 to November 2014
6) Snowshoe spam (low volumes of spam from a large set of IP addresses is a threat (avoids detection)
7) Online criminals rely on users to install malware (still highest point of entry)
8) Heartbleed – the security flaw that exposes OpenSSL, 56% of all OpenSSL versions are older than 50 months and still vulnerable.
9) 59% of CISO (Chief of Information Security Officers) view their security processes as optimized compared to 46% of Security Operations (SecOPS) managers.
10) Less than 50% of respondents use standard tools such as patching and configuration to help prevent security breaches.
11) 75% of CISO’s see their security tools as very effective.
12) larger and midsize organizations are more likely to have highly sophisticated security postures, compared to organizations of other sizes in the study.
Also some interesting java related info details: