Especially when your security admins are away on vacation/holidays...
They don't have to be on holidays. Poor configurations lead to a lot of holes and vulnerabilities. It's a lack of attention to detail and lack of desire to pay attention to that detail. Many have been trained to administrate their networks but few are trained to think security from the get go. As long as that exists, there will always be those that can by-pass firewalls, IDSes, pick out the honeypots and go to the bank with your data. As long as people assume they are secure, they will never be secure.

Better to be paranoid and think of all the possibilities than to get lax. The attackers aren't.