You are absolutely right. The sophistication of the hack implies, you will never know how the attackers will get you. What an organisation can do is, firstly do better disclosures. Secondly, let's the end users know what is risk they have when they add keys, credentials etc. To what extent certain systems have compromised and what steps have been take to mitigate this. Thirdly, organisations should run drills, better access management systems, better auditing systems, have an XDR system in place. You will get hacked, security will be compromised, it is the ability to reduce the contagion risk is what the organisation should measure. Protecting their customers.
You cannot shutdown access to resources as developer need them for productivity. Secondly, your competitor is most likely going to take risk of hack and move faster in bringing features while you reduce productivity.
You cannot shutdown access to resources as developer need them for productivity. Secondly, your competitor is most likely going to take risk of hack and move faster in bringing features while you reduce productivity.