SANS sees upsurge in zero-day Web-based attacks

15.11.2006

Therefore, from an enterprise standpoint, it's important to focus on risk management practices that emphasize data protection, Cumming said.

Data from more than 10 million network scans also shows a surge in vulnerabilities being discovered in Microsoft Office applications and in attacks directed against them, said Amol Sarwate, manager of the vulnerability management lab at security vendor Qualys Inc.

The number of vulnerabilities discovered in Microsoft Office so far this year is triple the number discovered in 2005, Sarwate said. Of that total, which SANS did not release, about 45 were serious and critical vulnerabilities -- and nine were zero-day flaws for which no patch was available, according to SANS. Most attacks against Office applications require users to open a malicious Word, Excel or PowerPoint document sent via e-mail.

But many attacks are being carried out through the Web, where users can be compromised simply by browsing malicious Web sites that exploit vulnerable client-side code, Sarwate said. "Hackers are now targeting common users" in such attacks, he said.

A sharp increase in Web application attacks this year also highlights a need for enterprises to pay particular attention to this area, said Johannes Ullrich, chief technology officer at SANS. The attacks aren't just aimed at the data behind a Web application but are also designed to use the Web server as a platform to launch client-side attacks, he said.