Time for a new post! Actually, it's a bit overdue but I guess I needed something to get fired up about.
"The fact is, many – if not most – of the findings your vulnerability scanners spit out are not as big of a deal as they're made out to be. Be it a vendor marketing trick or people trying to justify their jobs, you have to take the findings of your vulnerability scanners with a big grain of salt." [From SearchWindowsServer.com]
I'm not saying that IT consultants out there are willing to exploit every vulnerability for profit, but I have no doubt it's tempting, and consultants are only human.
Small businesses are very vulnerable to these practices and more. Microsoft Partners are presented by Microsoft as technically-proficient, but a huge amount of the so-called "training" provided has much less to do with computing theory than it does having a mastery of product features.
Another great example of why you should look critically at your IT support as much as possible to ensure that the solutions you pay for are the ones you really need.