Yeah, you can always make this argument. "If only there had been sufficiently advanced and non-buggy firewall rules in place in firewalls optimally placed in the topology, looked after by competent networking staff."
It just doesn't work in most environments because you don't have firewall experts on staff and you have no incentives to spend money and effort on firewalls.
(And even for professional firewall wranglers it's hard in normal semi-chaotic IT organisations: you don't intrinsically get any assurance things are set up tightly, or that they remain so after network configuration changes, and you keep breaking working systems; you just get feedback from angry users that you've inconvenienced and you never get feedback from successfully defending against attacks, etc. etc. And at the end of the day for the same money you could have gotten better security improvement by spending man hours (and hours lost by impeding your users) elsewhere, in line with end-to-end thinking.)