alt Hacker NewsAlmost all those events were on Hacker News. This hasn't been a secret.
Companies need to get serious about levels of security. Only some things need to be protected, and you have to accept a substantial level of inconvenience and cost for those items. In my aerospace days, we had a bidding rule of thumb that running a project at SECRET doubled the cost. Running a project at TOP SECRET had an even bigger cost multiplier. A surprising amount of material was not classified at all, for cost reasons.
Banks and credit card processors get this. Most other businesses don't.
Replies
The most effective security practice you can do is to strictly isolate any internet connected PC from computers handling important data. But this requires that people have two (or more!) different computers and is rather annoying.
More convenient is to only allow internet access from ephemeral VMs connected to via RDP or similar protocol.
They've been on HN, but that's the author's point. Even this article on HN- the top comment is a series of complaints about "hurr durr ai needs to get off muh lawn"
The point is that the people, who self-identify as the ones the author is supposedly asking for help, are the ones who are refusing to acknowledge the elephant in the room so they can feel smug. Just like your "but i read about every incident mentioned, where's my cookie"