I'm curious why ransomware is something that you are scared of. If you do filesystem level snapshots and proper backups, ransomware can be as simple as flicking a switch or at worst case scenario just an annoyance from restoring from backups and cleaning the infected machines.

I know sometimes situations arise in some organizations where a single machine will have (stupidly) been the only machine with certain data on it, so that can be a problem.

I think the hardest is solving the stolen data stealing problem, though. Many people play fast and loose with data all the time, send it from here to there in random ways rather than actually lock down the process and pathways it goes. That one is truly terrifying.

We will keep following and updating, and can’t help wondering if those breached companies are being held accountable in anyway for not putting enough of their huge profits into protecting their most precious and private data.

The answer is no. What has arisen in the last few years to deal with these things are exactly the same things you would expect from a corporation: legal solutions instead of technological ones. Basically, companies are increasingly signing into agreements where they effectively get data breach insurance. If they get fined, if they need to pay for victims' identity protection services, etc, the insurance will dish out accordingly.

Which of course, is going to weaken technology security in this country. What employee will care about security if they have this massive safety net behind them? I've heard things like: "We have a security department and I'm just a random coder, so why do I need to know what a buffer overflow is?" and "Why do I need to learn encryption methods?", etc.

This stuff is only going to get worse until people start realizing that technology is the solution. By then, the average company will not have the capability to solve security problems on their own and will be forced into cloud solutions where security is not in their hands, which itself introduces other security risks at the same time as solving existing ones.

What's truly terrifying to me is if Amazon, Google, or Microsoft were to get hacked. We'd all be fucked, even if you don't use their services. Their cloud data providing services probably store a massive truckload of data, and even one bad employee there could leak parts of it even with the best security practices in place.