Re: "annual product release cycles"
The problem is, there is new software, but it is linked to new hardware. "An upgrade for a Win 10 compatible version of our CNC machines? Sure, we can do that, you just need to buy a new CNC machine!"
That is the problem. We just isolate the hardware from the network and carry on. You can work around things like that.
But what is important is that the operating system keeps getting security updates, whether that is on a $20 IoT device, a $200 smartphone, a $2,000 PC or a $20,000 server etc.
People often use technology for a long time. My brother-in-law replaced his Samsung Galaxy S3 Lite and his wife's S4 Lite last year... Those were a good 7 years old and were only replaced because WhatsApp stopped working on them! But those things hadn't had security updates since 2014/2015!
The problem is, nobody is willing to pay for support on those old devices, to get newer software or security updates, "we" have been conditioned to want the latest greatest new hardware, because that is the only way the companies know to make more money. Customer loyalty and satisfaction be damned! That leaves those that don't fall for the buying cycle, or how can't afford to replace devices on a regular basis are being put in "danger".
Society and companies need to change, to make things last longer and keep those devices supported.
That also means that we have to learn the value of that support and pay for it. The cost of the device usually has 2 years worth of updates calculated into it, then the user is expected to pay again for a new device. This needs to change, either the support for longer periods needs to be calculated into the price of the device (some high end devices already have this, to a certain extent, look at Apple's iPhone support lifecyles, for instance, or Microsoft's for PC, up until Windows 11, compared to Android generally being out of support after 2 - 3 years; it is slowly changing, 4-5 years is becoming more common, at least on high-end devices).
Maybe it means we have to take out extended support contracts on our devices to keep them going. Or actually thinking about what you are buying and whether it actually needs to be smart...
Our SmartTV is no longer connected to the network (and complains regularly about that fact), because it hasn't received security updates for 3 years now! No way I'll spend extra to buy a "smart" appliance again. I want to keep the appliance and the smarts separate to minimize untimely waste, by having to throw away a perfectly functioning device, just because it is too (cyber) dangerous to use.
Does a dishwasher really need to tell you it needs more salt or cleaner? Do you really need to start it when you aren't at home? We bought a good quality non smart version. The same for the washing machine, it has a timer, that is good enough for us, we don't need to see how far through the cycle it is, when we are at work.