Part of epic fail - Short sighted
Have knowledge of this one as a third party contractor.
Management refused to dedicate proper resources to mitigate predictable risks and vulnerabilities. One man shop for 10+ Linux servers, 50ish workstations. Overworked and under budgeted.
Not the first time they were hit. Hopefully the last time.
Security is no longer an inherent luxury, you have to take proactive steps to prevent exploitation of known vulnerabilities.
Corporate America is still learning about the financial perils of refusing to address these serious threats.
Hopefully something was learned.