On one side, cybercrooks, on the other one, bean counters. And IT in between.
CISA's recommended mitigations seem obvious, but are worth repeating: update and patch systems, use phishing-resistant multi-factor authentication and unique passwords, block unused protocols, upgrade or replace kit on schedule, trust no one, and monitor logs
It may be obvious, but how many companies allocate the adequate resources to IT teams to do these jobs? It takes a lot of time, a lot of means to do this.
== Bring us Dabbsy back! ==