Reply to post:

What to do about inherent security flaws in critical infrastructure?

Lorribot

So to recap

About ten years ago it was highlighted that these systems have laughable security if any at all....mostly the latter.

Just now, another report shows that the industry has done nothing to remediate said systems or come up with new protocols and designs that are secure by default.

You were told ten years ago and you have done nothing since and are now whinging it is too difficult because there are too many things to fix, most of which can't be and yet you still installed the same old crap systems that were known to be insecure.

If you had started 10 years ago you could be shipping proper secure systems now and it would be a start, and mitigate existing ancient systems by air gapping them or firewalling them off. Why do something when you can stick your head in the sand and do nothing and get paid for it?

I still remember a conversation I had with a conveyor system supplier about patching their Windows servers controlling the system, their answer was they don't support patching and we would need a dev system to test on, because everyone has a dev warehouse, we were also their first customer to request 2016 (in 2019) and they didn't know if it would work or not. They also have to run their software as a logged on user on a console session or it won't work.

These systems, companies and developers have fallen into an archaic mentality and don't see the problem. If I was a hacker I would be targeting them for ransomware because I bet they are running unpatched systems and have very poor security if any just like their systems.
