The document discusses why advanced persistent threats (APTs) should not be the main focus of security worries. It notes that statistics show many vulnerabilities that are exploited are older ones for which patches already exist. The document advocates focusing on remediating known vulnerabilities within 30-40 days when the risk of exploitation is highest, rather than within the typical 100-120 days companies take on average. It argues securing the basics of configuration management, patching, and continuous deployment should be automated to raise the bar for attackers and make it necessary for them to be both advanced and persistent.