by belter 705 days ago
You are completely ignoring the fact that some countries, some airlines, some 911 centers and many hospitals were not taken down. The reason? The diversity and phased deployments I am arguing for.

> Also, you are still ignoring that for many of these companies they do not have a choice due to compliance requirements.

They have a choice. They could run their system properly. You are arguing for reasons of compliance... when this incident is the clear demonstration that being compliant has nothing to do with being secure and robust.

1 comments

Welcome to the new generation of "cybersecurity" experts that just regurgitate buzzwords like "compliance" and "guardrails" in addition to filling out risk matrix spreadsheets.

It's all PaaS/SaaS now; old-school, properly engineered, isolated solutions require too much expensive staffing.

I'm waiting for a vendor like Zscaler to be hacked - what could go wrong with having thousands of companies do MITM SSL interception via a single vendor?

That's a nice juicy target for hackers if I ever saw one...