They need to stop that nonsense. NAT is not for security, and was not designed for security purposes. In fact, there are a few ways it subverts security, such as SNI in TLS making the connection less private than it could be.

If they want to block external connections, a border firewall can do the job just fine without NAT. It’s arguably better, because NAT complicates existing firewall rules and their implementation in code. Complications are the enemy of security.