Re: Typical problem of many large organizations
" lack of understanding of the existing infrastructure within the organization, lack of infrastructure to perform pre-deployment testing of patches or upgrades, lack of skill to minimize the downtime or risk from the deployment."
Sometimes there is plenty of skill to minimize downtime, there are testing platforms and there is full understanding of the existing infrastructure.
Sometimes it's knowledge of the existing infrastructure, and knowledge of what the minimum downtime will be and knowledge gained from pre testing that means certain upgrades are delayed. Sometimes suppliers are required to do the upgrade at an engineer cost of £1,500 a day due to their support contracts.
Like useful backups, business continuity, disaster recovery and data/network security - anyone who thinks it is easy probably isn't doing it right (or is running a very small infrastructure).
Nothing to excuse this current Equifax issue which would not have required significant effort, but sweeping statements that it is always incompetence that means every bit of software isn't upgraded immediately after a patch becomes available doesn't understand reality.
Anyone who is so confident put all your external facing systems through https://observatory.mozilla.org and report back your scores for the observatory tests and all the third party tests. I would of course expect you to have 100% or A+ in all of them.