Rip the band-aid off and just do it. To act like things are going to get better some other way is naive. Companies that can’t keep their shit secure should be buried and people will vote with their dollar.

For the moment, I disagree with this article. I’d be interested in some more reasons that paying ransoms shouldn’t be prohibited, or at least forced to be public like any other corporate line item.

Whether the victim is critical infrastructure or not, I’m not sure attacks become less appealing unless there is no direct/quick financial payout. There will always be extortion and intellectual property theft that can be monetized.