Hacker News

This is why you own your infrastructure.



For the Economist, yes. The attack on PageFair was by spearphishing an employee's email, so there isn't much owning your own infrastructure can do for that.


Sure it is... their external CDN account was compromised - no 2FA in place. Proper 2FA (read: 2FA reset key stored offline and safe, not done via mail) helps against spearphishing.


So for a business with their traffic needs, you'd recommend they do what? Buy up a bunch of physical locations all over the world and get some OC lines?

I'd be shocked if they could stay out of the red, even at their size. Your proposal would also kill virtually every startup that needs a website.


No, that is not what I would recommend, so please don't label it "Your proposal".

My recommendation was already stated: if you use any external CDNs, make sure you don't fuck up those accounts. 2FA is one thing to safeguard against account compromise. Subresource integrity would be the next step, it's coming soon or is already here.

http://caniuse.com/#feat=subresource-integrity


The problem with subresource integrity is that it ties you to one version of the code. That's fine for something like jQuery, but doesn't work in this case where you expect the code to change relatively frequently.


So then why was your response to

> so there isn't much owning your own infrastructure can do for that.

> Sure it is, ...

?


That's not really relevant here. Any company with compromised access to an important email account stands to have lots of trouble, regardless of tech or industry.


This is why we have 2FA enabled on mission critical systems these days.


Or use subresource security.
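The subresource integrity trade-off raised in the comments above, as an added example that is not part of the thread: a pinned hash rejects a tampered CDN file but also rejects a legitimate vendor update. The function names and sample script strings are constructed for illustration, and the example goes one step further than the comments by showing that an `integrity` attribute may list several hashes.

```javascript
const { createHash } = require("crypto");

const ALGOS = ["sha256", "sha384", "sha512"]; // SRI algorithms, weakest to strongest

const digest = (algo, content) => createHash(algo).update(content).digest("base64");

// Value for an integrity="" attribute, computed over the exact bytes served.
function sriHash(content, algo = "sha384") {
  return `${algo}-${digest(algo, content)}`;
}

// Mirrors the browser check: parse the space-separated metadata, keep only the
// strongest algorithm present, accept if any hash of that algorithm matches.
function sriMatches(content, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((item) => /^(sha256|sha384|sha512)-([^?]+)/.exec(item))
    .filter(Boolean)
    .map(([, algo, hash]) => ({ algo, hash }));
  if (entries.length === 0) return true; // no usable metadata: loads unchecked
  const best = Math.max(...entries.map((e) => ALGOS.indexOf(e.algo)));
  return entries
    .filter((e) => ALGOS.indexOf(e.algo) === best)
    .some((e) => digest(e.algo, content) === e.hash);
}

// Constructed sample files standing in for a third-party script on a CDN.
const v1 = "window.widget = { version: 1 };\n";
const v2 = "window.widget = { version: 2 };\n"; // legitimate vendor update
const tampered = v1 + "/* injected by whoever controls the CDN account */\n";

function demo() {
  const pinned = sriHash(v1);
  const rollover = `${pinned} ${sriHash(v2)}`; // page lists both releases
  return {
    pinnedV1: sriMatches(v1, pinned),             // true: bytes match the pin
    pinnedTampered: sriMatches(tampered, pinned), // false: modified file is blocked
    pinnedV2: sriMatches(v2, pinned),             // false: the update is blocked too
    rolloverV2: sriMatches(v2, rollover),         // true: either listed hash is accepted
    rolloverTampered: sriMatches(tampered, rollover), // false
  };
}

console.log(demo());
```

Listing both hashes only helps when the embedding site learns the new file's hash before the vendor ships it, which is the constraint the comment about frequently changing code describes.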



