If you want a security problem?
- Avoid regular backups, and don't maintain an archive of older backups.
- Don't have reasonable file-level security.
- Open IP ports all over the place.
- Definitely don't have solid passwords and password filters, and certainly avoid using certificate-based logins.
- Always use ftp and telnet, and avoid ssh and sftp.
- Download and authenticate random stuff.
- Download plugins claimed to be security tools or fixes, and anything claiming to be a video codec.
- Make sure you have a down-revision web content management system or writeable web directories.
- Don't have a decent firewall at the edge of your network.
- Run unencrypted wireless.
That is how you ensure you have security problems.
Rootkit detection tools? Anti-virus and anti-malware tools? In the event you are targeted and are breached, then you've probably made one or more mistakes, and your path back is likely going to be those backups.
Security isn't magic pixie dust. It's basic steps, basic management, those backups, and making sure that you're not an easy target.