[carewell]

I like your optimism and on my best days I mostly agree with it.

My skepticism is rooted in two phenomena:

1. Our society seems to be unable to address criminal behavior at the current scale, how can we expect it to improve if we expand the attack surface? Counties are unable to stop basic phone and tech support scams for decades now. There are just a few dozen companies that are responsible and we still fail. I can’t trust the authorities to be able to address more sophisticated scams at a bigger scale. Corruption is at the core of this. So now we also have to solve corruption.

2. Tech literacy is not enough to effectively avoid tech scams. It’s helpful for sure, but look at how many educated people got burned by crypto. I agree it’s work in progress and maybe we will become better as a society. But I need to see more proof to feel confident in that.

[eighthave]

It is true that many essential organizations cannot effectively defend their networks. But it is also important to point out that there are many orgs that _are_ effectively defending their networks. I've worked in IT in a huge range of companies, orgs, and context. One thing that is clear is the culture plays a huge role. Those with a culture of supporting people who deal with real problems fare much better, those with a culture of "Cover Your Ass" or "When you say jump, I say how high" are getting hacked left and right.