Webroot estimates 80 per cent of malware on the Internet are attacks of opportunity.
Webroot CMO, David Duncan, said generic malware targets systems that are not updated regularly to gain access to known exploits.
Updating systems keeps this issue at bay, though Duncan said advanced persistent threats (APT) are changing the attack vector.
"APTs don't target known exploits but are customised to go against an organisation," he said.
Unlike attacks off opportunity, APTs come with highly customised codes design to go penetrate organisation's defences and pull out data.
"It has been specifically been developed to attack a single target, as opposed an attack of opportunity that attacks everyone," Duncan said.
Spear phishing is also starting to show up through LinkedIn requests, particularly following events such as conferences.
"You meet a lot of people at a conference and can't remember everyone when the LinkedIn requests follow," Duncan said.
"These are social engineered attacks designed to get an APT on the system through executives and directors."
Webroot is the largest privately held security company, and Duncan disclosed some of the security vendor's numbers during a partner event in Sydney.
The company generated $US110 million revenue through June 30, and Duncan expects the number to be between $US130 to $US140 million this year.
In the consumer space, which Duncan said some of the large players have "left for dead," Webroot grew by 20 per cent last year
"The population and the number of devices are not going down, so anything connecting to the Internet can benefit from security," he said.
Webroot's business segment went up by 98 per cent year over year while the OEM segment grew by 30 per cent.
The security vendor provides protection to 7.5 million end points, as well as 27 million users through OEM partners such as Palo Alto Networks, F5, Cisco and Aruba.
Sign up for Computerworld eNewsletters.