Sounds like the Author is arguing in favor of “security through obscurity”. There are well-known issues with this approach that those interested can research.

What a horrible article - defending garbage enterprise security practices against the KYC regulations?

No system is unhackable? You know what? No regulations say that you have to store sensitive information on an online machine. Also, no regulation prevents you from installing security updates in a timely manner.

Every time a hack happens, the response is always "very sophisticated state-level actors". You know what's behind 98% of them? Password enabled ssh (with the password being $COMPANYNAME123), client-sided password verification in javascript, and when authentication works, frequently it only protects the login page - if you know the direct URL to a resource, just type it to go around the login. Or just simply running on a system that hasn't seen an update since the pandemic. All these keep happening to this day.

It really wouldn't take a lot to make things work, all the tools have been available since a long time.