The important thing about vulnerabilities is understanding the compromise vector (how the system can be compromised) and the likelihood that the vulnerability can be exploited by a hacker (referred to a risk).

If a system can be compromised through user action (i.e open an email, open a file or go to a Web site), then the risk is usually high, because users can be socially engineered to do almost anything. If the risk does not involve user action, then it becomes a matter of how accessible the system is over a network connection and if the system is listening on the specific protocol or port through which a compromise can be achieved.

Go back through the list of vulnerabilities for each operating system over the past six months and ask yourself how likely it is that a system is going to be compromised. Then come back and let us know what you think.

Cheers

Exactly!!

6. Develop a computer disaster recovery plan.

If your organization is impacted by a logic bomb, does your staff know how to restore operational and business essential functions? Make sure your organization has detailed instructions on how to rebuild, reconfigure and restore data to get you back up in running as soon as possible. Prioritize which assets need to be brought back online first, being cognizant of interdependencies. Review your disaster recovery plan on a regular basis and be sure to test the plan using spare equipment.

Who are these industry professionals?

Anyone pressuring the Obama administration to take action clearly doesn't understand why hacking continues to be a problem. If they understood the problem, they would know that it's going to take a lot more than legislation, USCYBERCOM and collaboration between government and the private sector to turn the tide in this ongoing cyberwar.

Hacking is not a mystery.

More sophisticated scanning and robust firewalls are not the answer.

Self-education and setting realistic expectations is going to move things forward and in the right direction.