IMO it's shoddy. Anybody can get hacked, that's true. But a modern corp that has tried to defend itself should have multiple layers of defenses against complete pwnage.
If you've paid attention in the last 10 (or even 5) years as a company, and did some pentests and redteams, you've seen how you could be breached, and you took appropriate steps years ago.
A non-shoddy company will have:
- hardened their user endpoints with some sort of modern EDR/detection suite.
- Removed credentials from the network shares (really).
- Made sure random employees are not highly privileged.
- Made sure admin privileges are scoped to admin business
roles (DBA admin is not admin on webservers, and vice-versa).
- Made sure everyone is using MFA for truly critical actions and resource access.
- Patched their servers.
- Done some pentests.
This won't stop the random tier 2 breach on some workstation or forgotten server still hooked up on prod/testing, but it will stop the compromise _after_ that first step. So sure, hackers will still shitpost some slack channel dumps, but they won't ransomware your whole workstation fleet...
I guess you forgot the most important part: making sure your security and devops teams and people in company management follow exactly the same protocol as everyone else with no exception.
Because big bosses hate it when their PC don't just let them run whatever they want and they are not allowed to VPN into network from their home or their grandma desktop because they like her very much.
Also any Linux nerd sysadmin dude (like me) who know better is another type of person who hate following rules.
If you've paid attention in the last 10 (or even 5) years as a company, and did some pentests and redteams, you've seen how you could be breached, and you took appropriate steps years ago.
A non-shoddy company will have:
- hardened their user endpoints with some sort of modern EDR/detection suite.
- Removed credentials from the network shares (really).
- Made sure random employees are not highly privileged.
- Made sure admin privileges are scoped to admin business roles (DBA admin is not admin on webservers, and vice-versa).
- Made sure everyone is using MFA for truly critical actions and resource access.
- Patched their servers.
- Done some pentests.
This won't stop the random tier 2 breach on some workstation or forgotten server still hooked up on prod/testing, but it will stop the compromise _after_ that first step. So sure, hackers will still shitpost some slack channel dumps, but they won't ransomware your whole workstation fleet...