There are likely IT people within the company that see the problems and know how to fix them, but they will be ignored. CxO types hate those annoying IT people that are always complaining about security. They will bring in a solution sold by a slick salesperson at a major company.
Is likely the most accurate statement I've seen in a while. In my 20+ years in the tech/IT/OT field, what a salesman is selling to (non-tech) management seems to trump the feedback that is received from tech departments. Case in point, just this week there is a copier/printer vendor that insists on installing a software agent that is supposed to report back meter readings and troubleshooting info to them (and "managing our printing costs"), but looking into it, it has the capability of scanning the entire network and reporting on every device it sees. As lead network and systems administrator, I say no way will I allow an externally controlled and reporting network scanner on any of our secure networks - and I'm being framed as being uncooperative, not considering my report that the vendor solution will break many layers of security... I may have to make sure the agent is disallowed in group policy, in case it can be installed in user space without elevated rights on the machines (wouldn't surprise me that they'll just try installing it on a user's workstation)...
Memory fault - where am I?