Of course
Nobody said there's not alot of stuff that CAN be done, much of it at low cost or free, but there are numerous other issues involved with this, in any business such changes still need management approval to be implemented, and often management is leery of open source and freeware solutions.
In the article it states that:"Lawyers for the two ex-employees say that Reid and Acheson had been "submitting proposals for years that would have prevented the problems, but the higher-ups at the university refused to implement or fund them."
Without knowing the exact nature of the network breach it's hard to say what could or should have been done. But based on currently available information it appears that management failed to follow the reccomendations of the technical staff, then blamed the same techs for not doing what management would not let them do.
