Monday, March 05th, 2007 | Author: bmadsen

I don’t usually go to Microsoft to get security advice, but an article written back in May of 2004 (linked here) is a very convincing example of why IT professionals need to take security seriously.

Now, this is not to say that external monitoring systems do not exist
to mitigate these problems, because they do exist. However, they are
generally outside the realm of most businesses’ interest and usability.
Personally, I find this rather alarming. Companies like Tripwire
have been doing critical file system fingerprinting for a very long
time now. But that is the only company I can think of that even does
this kind of thing. Sure, there are probably one or two others, but my
point is that that market hasn’t picked up on the type of technology.
That means either that the technology is not sound, or that nobody is
really interested in it enough to create a large market out of it.
Unfortunately, I believe it is the latter.

So, my point is that as IT professionals, we need to be pushing our
vendors for higher security measures. Fewer critical security bugs. Less
patching required. Etc. Etc. Being in the world of EDI these past few
years, I have grown accustomed to the concept of “charge-backs.” Maybe
it’s time we start pushing the issues back to our vendors. At the very
least, we need to make sure each of us is taking a serious look at
every piece of our infrastructure to analyze the security risks
involved in them.
