Nothing!

It seems that we (as IT practitioners all together) are not getting it. Have a look at this National Security Agency Cybersecurity Advisory and check the listed CVEs which are scanned for vulnerability and/or exploited: some go back to 2018, 2017, 2015 and patches exist.