If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented.This October 2009 Wired article is an example of what I'm (and they are) talking about. The headline states "Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks." It goes on to mention "The device is installed with default configurations." (See what I wrote about default configurations and what to do about them at Top Ten Security Threats, but in this case it would not have helped as Time-Warner did not permit changing the router in question.)
Another Wired article pointing out a similar problem states, Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices
Why don't we get it? None of it is expensive. None of this is hard. None of it is new.