Sure, most IT professionals are quite good at keeping the OS's on company machines up to date, along with the big, high profile pieces of software that see heavy daily use. The problem is that almost every company in existence relies on more than just these. There are often dozens, if not scores of other programs installed on a few machines here and there. These rarely get the same level of attention that the bigger, more visible programs get when it comes to keeping them updated.
As a case in point, according to Avast's survey, in excess of 94 percent of the PCs that have Adobe Shockwave, Skype, or VLC's media player installed on them haven't been updated in more than a year, which puts them woefully out of date. That, in turn, leaves a very large security hole in your company and offers any determined hacker easy access.
Worse, it's often the case that a company will retire a given piece of software, stop using it, but then fail to remove and properly uninstall all instances of it from the network. That means it's sitting there like a time bomb, waiting to be exploited.
The solution is simple, but fairly time-intensive. If you haven't conducted a comprehensive audit of exactly what is installed across your network and how long it's been since those programs have been updated, the time to do so is now.