PsExec will also most likely freak out your security operations team if it’s not part of your expected workflow (well, and if you have a decent SIEM, and it’s actually monitored...)
What stuck out to me was the part that said, "A similar attack affected the city’s phone system last year, shutting down automated dispatches for 911 and 311 calls." Clearly what they had didn't catch it (twice) and that's a problem with SIEMs - usually not configured correctly or to log the right things.
