The bigger the network, the more likely something like a simple vulnerability scan will take something down. For this reason, many organizations don't allow blanket scans to take place, which is a shame, because if the scan itself is capable of taking down an important system on your network then clearly you have a huge vulnerability!
I remember when I was working as a security consultant doing a "safe" Nessus scan of a relatively small organization that happened to have a mainframe. The mere act of scanning the ports on the mainframe caused it to crash. The whole thing had to be rebooted and it took HOURS. Essentially, a whole day of work was lost.
When we met with the CSO to talk about it he was both happy and sad: Happy that we discovered such a huge vulnerability and sad that he was going to have to explain to his superiors that an action that he undertook (hiring security consultants to perform a scan) cost the business a lot of money.
I later found out that he was fired because of the incident.
That right there explains a lot about the state of IT security in business right now.