[Accujack]

>I feel like if any one person can seriously subvert something, you've already lost.

This is technically correct, but most companies (at least in the US) take the easy way out, just like they do for hiring. No college degree means no job offer.

A well functioning IT organization will not be vulnerable to a single malicious person, but having been in the industry for almost 30 years at this point, the number of corporations functioning to that level in IT is small.

The fact that most organizations are more concerned about lowering costs and increasing profits instead of quality means that managers take the easy way out... it's cheaper to just not hire anyone they deem a risk and not worry about improving IT's functioning because they don't see any downside to that in the time frame that concerns them.