So far, these attacks don't seem to have prompted security improvements. I guess that for large companies, the payment is a small sum, comparable to the fines they pay every once in a while.
Security improvements seem to be driven more by regulation (GDPR), competition (when did ElasticSearch release TLS support for free? Not after the Nth open ES cluster - only after Amazon competed with them), and large costs (switching to Linux servers because they're cheaper. Though there are concerns about current security practices there too...).
Security improvements seem to be driven more by regulation (GDPR), competition (when did ElasticSearch release TLS support for free? Not after the Nth open ES cluster - only after Amazon competed with them), and large costs (switching to Linux servers because they're cheaper. Though there are concerns about current security practices there too...).