by diskmuncher 1934 days ago
MSFT still outperformed SP500 index this week.
2 comments

Security vulns are a profit center for Microsoft.

I have a client who was hit with ransomware that exploited holes in RDP. They paid Microsoft about 5% of their annual IT budget to upgrade.

How much more license revenue and 365 subscriptions will this latest fuckup generate?

And if vulns are this profitable, where's the incentive to prevent them in the first place?

> And if vulns are this profitable, where's the incentive to prevent them in the first place?

Prior to upgrading their software, where was the incentive for your client to keep everything up to date and put in the infrastructure needed to patch all of their systems within minutes/hours/days of a new zero day?

I can't speak for your customer (obviously), but do you think they would have invested 5% of their budget in upgrades for this particular hack? A ransomware attack shuts you down. This is blackmail/corporate espionage stuff. Very easy to ignore depending on what your company is saying in their email.

> about 5% of their annual IT budget

so basically for free / at low cost?

People are still buying into the ‘nothing is secure, they can’t help it’ storyline.