"The "4 lines of code" attack, as described in the article, relies on physically hooking up a fake PLC to the targeted plant. I'd argue that if you have hostiles able to add a PLC to your plant undetected, then network security is not really your main problem."
Depends how they corporate network is set up. I might be as simple as plugging the device into any spare network port in the foyer. I'm sure some networks will be that poorly set up.