Attackers are always looking for new vulnerabilities to exploit technologies with large-scale adoption or use/create/modify malware that changes just enough to avoid known detection methods as it propagates through a corporate network. The same malware or vulnerability is rarely used after public discovery. The identification and sale of new vulnerabilities is a high-revenue enterprise, as is the sale of malware kits which can be customized and use as weapons against unsuspecting organizations. Cybercrime is a high-growth industry and the players are only getting better organized and their attack methods more elaborate.
The defenses widely in use today are limited to technology that is overly reliant on the known, is unable to adapt when attackers change their patterns, or find easier ways to sneak onto our networks undetected. The headline-grabbing hacks of 2014 — Home Depot, JP Morgan Chase, eBay — only serve to highlight this fact.