How about the power companies that run our grid, pipelines, etc?
Some of the stuff I've seen still RUNNING the power companies is downright scary.
I won't say which companies, however some of them are still running Windows NT 4.0 Servers running core functions at the power plant. Most of these servers are now virtualized to eliminate the problem of hardware failures however they're still not protected properly with multi-layer security (DMZ, Web, App, Core network zones) or multi-factor authentication systems to prevent unauthorized access.
BTW: Just last week I caught several Russian hackers using DNS spoofing through compromised South American, Netherlands and Spain based companies trying to hack into one of our public FTP Servers. They tried brute force SSH password cracking and executed over 59,000 brute force attempts in just over 3 minutes.
They didn't get in because we require matching certificates and dual-factor authentication for Internet exposed services and within their first 10 attempts (which happened in microseconds) I had an alert fired off and tracing programs already running to determine the true locations of the Russian hackers.
My own opinion based on the results I collected is that it was Russian State Sponsored hacking. It had to be due to its sophistication, the sheer volume of brute force password attempts in such a small amount of time, and the fact that the IP's traced back to Russian Government facilities.
Granted, I'm not supposed to say those things outside the bank and the FBI (who we work with on these things -- they're working with ALL the top tier banks directly) certainly wouldn't "approve" of my saying it.
Better, but not secure in my opinion. I know a few things about the power grid networks having felt with their nation communications networks, and believe there are deficits in parts of that enterprise topology.