SABMiller: Conficker virus cost us £7.2 million ★ 29.9.11

More an more reports on the costs of Conficker have trickled in recently. Here’s another one from the CISO (you know that acronym, right?) of brewery giant SABMiller, producing delicious booze such as Foster’s, Miller, and Grolsch:

“Last April, I had to close down the Romanian operation for four hours because of the Conficker virus. It cost us £7.2 million [the revenue target lost, based on how much the breweries would have produced for sale during that time]”

He sold the halt of the beer production site to his board by arguing that

that the effect on the company’s market capitalisation would be far worse if SABMiller had manufactured and sold poisoned stock

Shouldn’t attack vectors for Conficker be barricaded by now? Of course, they could have their corporate network still running on old, un-patched Windows platforms. (Businesses have been strong supporters of the “never change a running system” mantra, though remaining IT vulnerabilities in aged gear challenges this stance.) But “poisoned stock”? Where should that come from? Do they run their beer SCADA systems on machines that would not discover a manipulation of its software stack? Where is the link between Conficker and “poisoned stock”?