DigiCert's Seven Common Vulnerabilities was released in September 2014. These included SSL Certificate and Endpoint Vulnerabilities (this is the OpenSSL issue with Heartbleed), out of date servers (a secure and patched server from two years ago is not secure today), inadequately trained or overworked staff (can be IT or otherwise), unsecured intranet and mail servers (merely because these are behind your firewall does not mean these are 100% safe), self-signed certificates (although these are free, many still don't trust them), unsecuired file transfer protocal, and failure to conduct penetration testing (these on a continued basis are pertinent; contact me for a quote).