There's nothing they can do right now, but my issue is that this will be forgotten when the next update/purchasing round swings into action.
Take Mærsk, who couldn't operate their freight terminals due to a cyber attack and had the entire operation dependent on a hard drive in a server that happened to be offline. Have they improved network separation? Perhaps. Have they limited their critical infrastructure to only run whitelisted applications? I assure you they have not. They've probably just purchased a CrowdStrike license.
Companies continuously fail to view their critical infrastructure as critical and severely underestimate risk.
Mærsk is kind of a bad example, because they made real security mitigations afterwards.[0] I cannot speak to whether they whitelist applications, but neither can you.