Cyber risk in buildings: A growing threat with high costs

🏢 𝗧𝗵𝗲 𝗦𝗺𝗮𝗿𝘁 𝗕𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗣𝗮𝗿𝗮𝗱𝗼𝘅 For the last decade, organizations have poured billions into defending networks: firewalls, SOCs, red teams, awareness campaigns. In 2025, global cybersecurity spend will hit $213B. And it worked. Hacking into most corporate networks today is far harder than it was ten years ago. 𝗕𝘂𝘁 𝗵𝗲𝗿𝗲’𝘀 𝘁𝗵𝗲 𝗽𝗮𝗿𝗮𝗱𝗼𝘅: The smarter our buildings become, the easier they are to break into Why? Because your badge readers, door controllers, BMS systems, and IP cameras are not “security devices” anymore: they’re networked computers with IP addresses. Many are outdated, unmonitored, and not clearly “owned” by IT, Security, or Facilities. Attackers don’t need to bypass your firewalls. With the right exploit, they can open your doors, ride your elevators, or switch off your surveillance. 💡 𝗧𝗲𝗻 𝘆𝗲𝗮𝗿𝘀 𝗮𝗴𝗼, 𝗶𝘁 𝘄𝗮𝘀 𝗵𝗮𝗿𝗱 𝘁𝗼 𝗴𝗲𝘁 𝗶𝗻𝘁𝗼 𝗮 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗯𝘂𝘁 𝗲𝗮𝘀𝘆 𝘁𝗼 𝗯𝗿𝗲𝗮𝗰𝗵 𝗮 𝗻𝗲𝘁𝘄𝗼𝗿𝗸. Today, smart buildings have flipped the equation. So the real question is: 𝗗𝗼𝗲𝘀 𝘆𝗼𝘂𝗿 𝗖𝗜𝗦𝗢, 𝗼𝗿 𝗮𝗻𝘆𝗼𝗻𝗲 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗳𝗮𝗰𝗶𝗹𝗶𝘁𝘆 , 𝗼𝘄𝗻 𝘁𝗵𝗲 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗼𝗳 𝘆𝗼𝘂𝗿 𝘀𝗺𝗮𝗿𝘁 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝘀𝘆𝘀𝘁𝗲𝗺𝘀? Because if not, why would an attacker waste weeks trying to hack your network, when they can simply unlock your doors and walk right in? #CyberSecurity #SmartBuildings #PhysicalSecurity #CISO #AccessControl

🏢 𝗧𝗵𝗲 𝗦𝗺𝗮𝗿𝘁 𝗕𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗣𝗮𝗿𝗮𝗱𝗼𝘅 For the last decade, organizations have poured billions into defending networks: firewalls, SOCs, red teams, awareness campaigns. In 2025, global cybersecurity spend will hit $213B. And it worked. Hacking into most corporate networks today is far harder than it was ten years ago. 𝗕𝘂𝘁 𝗵𝗲𝗿𝗲’𝘀 𝘁𝗵𝗲 𝗽𝗮𝗿𝗮𝗱𝗼𝘅: The smarter our buildings become, the easier they are to break into Why? Because your badge readers, door controllers, BMS systems, and IP cameras are not “security devices” anymore: they’re networked computers with IP addresses. Many are outdated, unmonitored, and not clearly “owned” by IT, Security, or Facilities. Attackers don’t need to bypass your firewalls. With the right exploit, they can open your doors, ride your elevators, or switch off your surveillance. 💡 𝗧𝗲𝗻 𝘆𝗲𝗮𝗿𝘀 𝗮𝗴𝗼, 𝗶𝘁 𝘄𝗮𝘀 𝗵𝗮𝗿𝗱 𝘁𝗼 𝗴𝗲𝘁 𝗶𝗻𝘁𝗼 𝗮 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗯𝘂𝘁 𝗲𝗮𝘀𝘆 𝘁𝗼 𝗯𝗿𝗲𝗮𝗰𝗵 𝗮 𝗻𝗲𝘁𝘄𝗼𝗿𝗸. Today, smart buildings have flipped the equation. So the real question is: 𝗗𝗼𝗲𝘀 𝘆𝗼𝘂𝗿 𝗖𝗜𝗦𝗢, 𝗼𝗿 𝗮𝗻𝘆𝗼𝗻𝗲 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗳𝗮𝗰𝗶𝗹𝗶𝘁𝘆 , 𝗼𝘄𝗻 𝘁𝗵𝗲 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗼𝗳 𝘆𝗼𝘂𝗿 𝘀𝗺𝗮𝗿𝘁 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝘀𝘆𝘀𝘁𝗲𝗺𝘀? Because if not, why would an attacker waste weeks trying to hack your network, when they can simply unlock your doors and walk right in? #CyberSecurity #SmartBuildings #PhysicalSecurity #CISO #AccessControl

Physical security systems such as access control, video surveillance, and intrusion detection were once stand-alone tools. Today, they are networked, integrated, and dependent on an internet protocol (IP) infrastructure.  This shift brings powerful capabilities but also significant risks. These systems are now targets for cyber threats. Nearly 30% of organizations report cyber incidents tied to physical security systems, often due to outdated firmware, weak passwords, or poor network segmentation. A compromised camera or badge reader can quickly become an entry point for attackers. At Safeguards Consulting, we believe cyber-hardening is essential. Our consulting approach strengthens resilience at every layer by focusing on secure configuration and encryption, proactive patch and firmware management, network segmentation with monitoring, and comprehensive incident response planning.   When organizations align physical and cyber protections, they gain the confidence that their people, assets, and spaces are secure against evolving threats. The question is no longer if you need to cyber-harden your physical security and other Operational Technology (OT) systems, but how soon you can make it a priority.   To learn how our team of trusted advisors can help, visit:  https://lnkd.in/e457TjNq   #PhysicalSecurity #CyberHardening #SecurityStrategy #RiskManagement #SafeguardsConsulting 

🔒 Critical Vulnerabilities Discovered in Hikvision Products 📡 Security researchers have identified multiple critical vulnerabilities in Hikvision surveillance devices that could allow remote attackers to execute arbitrary code and take complete control of affected systems. 🛡️ Technical details of the vulnerabilities: - CVE-2023-28808: Buffer overflow vulnerability in the firmware update component allowing remote code execution (CVSS: 9.8 CRITICAL) - CVE-2023-28809: Authentication flaw allowing credential bypass and unauthorized access (CVSS: 8.8 HIGH) - CVE-2023-28810: Command injection vulnerability in the network configuration service (CVSS: 7.2 HIGH) ⚠️ Potential impact: These vulnerabilities affect multiple models of Hikvision IP cameras, DVRs, and NVRs. Attackers could compromise these devices to spy on video feeds, disable security systems, or use the devices as entry points into corporate networks. 🔧 Security recommendations: - Immediately update to the latest firmware provided by Hikvision - Isolate surveillance devices on separate network segments - Review access logs and security configurations - Implement network traffic segmentation and monitoring measures For more information visit: https://enigmasecurity.cl 💙 Support our security research and disclosure work. Your donation at https://lnkd.in/er_qUAQh helps us continue protecting the community. 👥 Let's connect and discuss cybersecurity: https://lnkd.in/eGvmV6Xf #Hikvision #Vulnerabilities #Cybersecurity #ZeroDay #IoTsecurity #VideoSurveillance #CyberThreats #PatchManagement #SecurityResearch #EnigmaSecurity 📅 2025-08-29T08:23:43 🔗Subscribe to the Membership: https://lnkd.in/eh_rNRyt

In a recent report, it was revealed that 70% of OT/ICS vulnerabilities are buried deep inside networks, not at the perimeter. That should make us pause. If the majority of risk lives inside, why do we continue to invest most of our effort at the edge—with perimeter firewalls, IDS/IPS, and alerting systems that watch but rarely prevent? Perimeter defenses have their place, but they are not where the fight is happening anymore. Threat actors don’t just bang on the front door—they move laterally, exploit trusted connections, abuse native protocols, and live off the land once inside. Alerting after the fact only adds more noise. What’s needed are preventive, inline, and adaptive defenses inside the network itself—controls that can actually stop malicious connections, misused protocols, and unauthorized devices in real time. Static walls won’t cut it when the attack surface extends across remote access gateways, PLCs, engineering workstations, and vendor connections. If 70% of the vulnerabilities are internal, then 70% of our effort should be focused there too. Anything less is just rearranging sandbags at the edge while water pours in from the basement. #CyberSecurity #OTSecurity #ICS #NetworkSecurity #AMTD #DefenseInDepth #ZeroTrust

🔒 Critical Vulnerabilities Discovered in Hikvision Products 📡 Security researchers have identified multiple critical vulnerabilities in Hikvision surveillance devices that could allow remote attackers to execute arbitrary code and take complete control of affected systems. 🛡️ Technical details of the vulnerabilities: - CVE-2023-28808: Buffer overflow vulnerability in the firmware update component allowing remote code execution (CVSS: 9.8 CRITICAL) - CVE-2023-28809: Authentication flaw allowing credential bypass and unauthorized access (CVSS: 8.8 HIGH) - CVE-2023-28810: Command injection vulnerability in the network configuration service (CVSS: 7.2 HIGH) ⚠️ Potential impact: These vulnerabilities affect multiple models of Hikvision IP cameras, DVRs, and NVRs. Attackers could compromise these devices to spy on video feeds, disable security systems, or use the devices as entry points into corporate networks. 🔧 Security recommendations: - Immediately update to the latest firmware provided by Hikvision - Isolate surveillance devices on separate network segments - Review access logs and security configurations - Implement network traffic segmentation and monitoring measures For more information visit: https://enigmasecurity.cl 💙 Support our security research and disclosure work. Your donation at https://lnkd.in/evtXjJTA helps us continue protecting the community. 👥 Let's connect and discuss cybersecurity: https://lnkd.in/g34EbJGn #Hikvision #Vulnerabilities #Cybersecurity #ZeroDay #IoTsecurity #VideoSurveillance #CyberThreats #PatchManagement #SecurityResearch #EnigmaSecurity 📅 2025-08-29T08:23:43 🔗Subscribe to the Membership: https://lnkd.in/eh_rNRyt

🛡️ Humans of Cyber | Day 14 In 1998, cybersecurity lacked affordable and effective tools to spot intruders on networks. Most intrusion detection systems were expensive, closed, and far out of reach for smaller organizations. That year, Martin Roesch, a network security researcher, wrote the first version of Snort in his free time. It began as a lightweight packet sniffer, but quickly grew into one of the most widely used intrusion detection and prevention systems in the world. Snort worked differently. Instead of relying on expensive enterprise hardware, it used a rules-based engine that allowed anyone to define patterns of suspicious traffic. It could scan every packet in real time and alert, log, or block activity that matched known threats. This made advanced network defense accessible to everyone, not just the largest corporations. The impact was enormous. Snort has been downloaded over 5 million times and is deployed across hundreds of thousands of organizations worldwide, from small businesses to Fortune 500 enterprises. In 2001, Roesch founded Sourcefire to support its growth, and by 2013, Cisco acquired the company, making Snort a cornerstone of its global security portfolio. ✅ What began as a side project became the world’s leading open-source intrusion detection tool. ✅ Today, Snort continues to protect critical infrastructure, businesses, and governments around the globe. Cybersecurity is often about building shields. Martin Roesch is one engineer who created a shield powerful enough to be carried by millions. Tagging a few talented engineers and leaders from Sourcefire, part of Cisco who played key roles, Jennifer Sunshine Steffens, Marc Solomon and Matt Watchinski. #HumansOfCyber #MartinRoesch #Snort #Cisco #CyberSecurity #OpenSource #IDS #IPS #NetworkDefense #CyberForGood #InformationSecurity

🚨 The FBI just issued a warning: Russian hackers are exploiting seven-year-old vulnerabilities in unpatched Cisco devices to gain persistent access into critical networks. The takeaway? Leaving network OS upgrades and patching to manual, ad hoc processes isn’t just inefficient—it’s a direct security risk. These overlooked vulnerabilities are being weaponized to infiltrate telecom, higher ed, manufacturing, and critical infrastructure worldwide. Read full article: https://lnkd.in/drAnEJ-d ✅ This is where automation matters. With Nautobot, enterprises can: 🔒 Automate OS upgrades across devices ⚡ Ensure compliance with security policies 🛡️ Eliminate exposure from neglected or end-of-life devices Attackers are moving fast. If your network automation strategy isn’t keeping up, you’re leaving the door open. 👉 Don’t let unpatched devices be your weakest link. Nautobot makes automated, consistent, and secure CVE remediation and OS upgrades a reality. #networkautomation #cybersecurity #nautobot #osupgrades #compliance #cisco #cve

Hope Is Not a Security Strategy in OT Every plant runs on legacy systems. They’re old, stable, and too critical to rip out. But here’s the hard truth: most of them were never designed to face modern attackers. Relying on hope…that no one will notice, that “it’s always worked,” that obscurity is safety…is the fastest way to make critical infrastructure the easiest target. If you can’t replace it, you must surround it: segment the network, control access, and monitor relentlessly. Because attackers don’t care how old your PLC is. They only care that it’s exposed. #OTSecurity #ICS #CriticalInfrastructure #LegacySystems #Cybersecurity

Industrial operations can’t afford downtime — or a breach. In this video, discover how Fortinet's Security Fabric protects Industrial Control Systems (ICS) and Operational Technology (OT) environments from evolving cyber threats. From network segmentation to real-time threat detection, we show how LKH Precicon Pte Ltd and Fortinet deliver the resilience and security your operations need. Want to know more how you can protect your OT? Chat with us today 👉 https://hubs.li/Q03CV9ml0 #LKHPrecicon #SmartSustainableSecure #SmartManufacturing #Fortinet #OTCybersecurity #IndustrialSecurity #SecurityFabric