We have conducted a lot of security and risk assessments for clients. During the original conversations IT often tells us what products they have and that they have done everything they can. Once we get started we discover that the products are purchased but not installed. The reasons are that they tried but found this issue or that issue or it won’t work because of some obscure bug they read about that will affect them. Here is a solution, find a different way. The IT department should be looking for ways to get things to work and ultimately securing the business. No technology is perfect but consistent effort and checking can go a long way.
When is the last time someone checked your systems?