That is what has surprised me. I can understand if small businesses were caught here because they lack financial resources for the infrastructure and staff, but those large corporations like airlines etc... Why don't they have a staging environment where everything goes first? I naively assumed this was established best practice due to the risk of update issues bricking your organization.
But maybe anti-malware is given a blind eye because instant updates for zero day security issues are obviously attractive.
Still, though... In hindsight it's not workable for especially anything running system drivers with liberal kernel access.
I am not surprised at all. The level of DevSecOps' skills has been falling over the last two decades as demand for their skills kept growing. Most of them would report you to HR if you suggested they use WireShark to debug a networking issue. They are useless people who came to IT because of the promise of good pay and don't know how computers, networks work.
But maybe anti-malware is given a blind eye because instant updates for zero day security issues are obviously attractive.
Still, though... In hindsight it's not workable for especially anything running system drivers with liberal kernel access.