The majority of these breaches have one thing in common. IT teams are failing to practice basic security hygiene. Cybercriminals target known vulnerabilities because they know that most organizations will have failed to patch or replace their vulnerable devices. WannaCry targeted a vulnerability for which a patch had been available for months. Shame on them. But Petya followed a month later and targeted the exact same vulnerability. And millions of devices were still affected. So, shame on us.