
While it feels that way, in my experience, it is very easy to break into 10 poorly secured systems compared to just 1 properly secured and monitored one. Okta may have messed up here, and there's no doubt they're a large target, but they're still a much harder target to breach compared to anything 99% of companies will be able to set up (unless you're a Fortune 50 company perhaps, and even then - it may not be cost effective even if you can make it work). Expect to have 50+ engineers and other technical staff to be anywhere nearly as secure with a custom solution. A roll-your-own solution with a small crew supporting it can never compete.



The amount of effort they invested into breaching Okta is probably way more than they'd invest in breaching any single company's SSO.

If "LAPSUS$" is after big companies with significant IP they can hold ransom for millions of dollars, it's most likely not even worth their time to find, let alone attack, your small company's on-prem SSO even if it was a single shell command away, so you'd still be more secure.



