To suffer a significant damage from WannaCry, you need to craft a redundant clusterfuck of FIVE SIMULTANEOUSLY MET conditions:
- Failure to learn from previous cases (remember Cornflicker? It was pretty much similar thing)
- Workflow process failure (why do you need those file shares at all?)
- Basic business continuity management process failure (where are your backups?)
- Patch management process failure (to miss an almost two month old critical patch?)
- Basic threat intelligence and situational awareness failure (not like in «use a fancy IPS with IoC feed and dashboard with world map on it», more like «read several top security-related articles in non-technical media at least weekly»)
And after you won the bingo, you expect you can BUY something that will defeat such an ultimate ability to screw up? Duh.