Well, all we really know for sure is that they paid a penetration-testing firm a consultancy fee to identify where the network needs to be hardened. No guarantee they'll actually prioritize doing it.
Could you elaborate on where you see the hardening taking place?
Colonial had a threat actor in their network and by paying the ransom, they supposedly left without doing any more damage. I don’t think they patched a lot of systems or hardened their servers.
