Victim blaming?

Do companies that were affected by WannaCry only have to blame themselves, or is that “victim blaming”? Let’s do some soul searching.
 
Was WannaCry special? Yes, because it was based on tools allegedly stolen from the NSA and it caused significant trouble in the real world. Yes, because it got a lot of media attention. On the other hand, no, WannaCry was, for us at Schuberg Philis and many others, pretty much a non-event. It was a worm that spread via port 445 (the SMB protocol) and it used a vulnerability that was patched by Microsoft two months prior to the attack. Strict network filtering, along with rigorous patching has saved us a lot of grief. And, if we had been hit, we are confident that we would have had a sound backup strategy to prevent serious damage/data loss.