The security of corporate America when it comes to hacking clearly is not the priority it should be for far too many companies. Perhaps there is simply too much “trust” in the world, where defense is not the primary focus, with the exception being the government which has a focus on it (and clearly “offense” as well).
Not sure when/if this mentality will change, and the corps will wake up and make it a first priority. If they do not, something devastating is likely to go down at some point in the future.
I bet most corporate networks are using decent security practices. This looks like a targeted attack. It’s one thing to defend against script kiddies scanning the internet for common weaknesses, but if a determined group of hackers is trying to get into a specific system, nothing can stop them.