Was there 2 factor auth?
Probably not going by this "
the theft was almost certainly due to poor security". Blockchain is pretty safe if you use all the security features.
2FA won't help if the malware is going to wait until the wallet is decrypted after the owner logs in.
What about if you have the second password option on to spend the funds, or is your entire wallet vulnerable as soon as you log in?