This
so far as we can tell, the kill switch found and used during the last one made tons of IT people say "Oh ok, we're safe now"
... so they were still unpatched.
It's not the 90's anymore. Any business these days at a minimum needs monthly patching, reporting, enterprise grade AV and malware/baddie checking at multiple points all over the network. Plus you know, employee training. My email gets filtered three times before a user sees it, and we still sometimes get new stuff. Then you have the desktop AV just in case.
Morons. If it can't be patched, draw up a business plan for scheduled replacement. Or put them behind dedicated firewalls with very tight whitelists.