> “it’s a lot of work” should never be a reason for not securing an system.

It is, though. Software bugs are almost entirely optional: we could just formally verify every piece of software with a mathematical proof. Computer software would still be in the 70s or 80s because of how long that takes, but if security is the only goal of a system, that's what we need to be doing.

In practice, projects balance a multitude of concerns and, while important, cybersecurity is only one of them.

> It’s also invite to solve a problem so it’s not a lot of work. It should be easy to secure your systems from making outbound connection.

This, I agree with wholeheartedly. The way to improve security is to address the factors that put humans in situations where skipping important security steps makes sense.

It’s trivial, just set up your firewall correctly! But if the system works when you block all outbound connections it’s also trivial to describe the required outbound connections: none.

The problem is of course with the 99% of apps that do require some outbound connections.