Yesterday, I attended the ISMG Cybersecurity Week—a full house event that brought together some of the sharpest minds in security and technology. The agenda was packed, the energy was high, and most importantly, the conversations were real. Not just theoretical talks, but actual stories from the field.
With over 100+ CXOs present, we all had one thing on our minds: how to stay ahead of evolving threats in an AI-powered world.
🔐 The Core Message: Everything That Connects, Must Be Secured
During a panel discussion on “Identity-based Zero Trust: A User Case Perspective,” Bala Ramanan from Microland said something that stuck with me:
“Service accounts often become untracked and weakest point in our Securtiy Posture”
Third-party applications—no one really owns them. And that’s where attackers sneak in.
Let me explain why this is serious.
Even when we believe our main systems are locked down, attackers look for the smallest gap—and sometimes, that gap is something we never considered dangerous.
Here’s how:
Unsecured CCTV Cameras
Most CCTV cameras today are IP-based, which means they’re connected to your network. If they’re not updated or protected with strong credentials, hackers can break into them remotely. Once inside, they can move laterally across your network—jumping from the camera to more critical systems.
HVAC Systems (Air Conditioning Units)
These are often controlled using third-party software or remote access tools. In one real-world case, hackers used an HVAC vendor’s weak access control to gain a foothold into a major retailer’s network. Why? Because the HVAC system was connected to the same internal network as customer data.
Printer Cartridge Chips
Sounds bizarre, right? But attackers have found ways to program malicious code into printer chips. If a printer is connected to your Wi-Fi, that chip can be used to launch malware or gain deeper access into other devices on the same network. Many teams don’t even consider printers as a threat.
And it all circles back to one point:
Anything connected to your network, even if it looks harmless, needs to be secured and monitored.
Because in today’s world, hackers don’t go through the front door. They enter through a window that nobody remembered to lock.
The Danger of Outdated Systems
There was also a reminder about how old operating systems, like Windows 95, are sometimes still embedded into new infrastructure.
If these systems haven’t received security updates in decades, and are still connected to live networks, they become sitting ducks. Once attacked, there’s little anyone can do—because no new security patches exist for these old systems.
🤖 AI, False Alarms & Missed Threats
One of the most insightful parts of the discussion was about false positives.
Here’s what happens:
Your SOC team notices something suspicious.
These are blocked automatically as per the Policy and configuration. But if these false alarms are in thousands or even few 100s, The actual alarm goes missing in between.
That’s when the attacker breaks in.
This is not a failure of AI. It’s a reminder that we can’t rely on automation alone. AI models get trained over time. But if the security team stops digging into these so-called false positives, we miss the real threat hiding beneath the noise.
And let’s be honest — if you’re receiving over 1,000 false alerts a day, it’s natural to start ignoring them. But in doing so, we’re opening the gates to trouble.
💡 Takeaway: Be Proactive, Not Reactive
Security is no longer about building walls and hoping for the best. It’s about constant learning, questioning, and looking under the hood—even when the system says “it’s just a blip.”
Every connected device is a potential entry point. From HVACs to hand scanners. From outdated OS to camera chips.
The conversations at ISMG reminded us that cybersecurity isn’t just the IT department’s job anymore. It’s a business issue. A leadership issue. A survival issue.
Stay alert. Stay curious. And never assume anything is too small to matter.
If you’re attending similar events or passionate about where cybersecurity meets AI, let’s connect.
These conversations go beyond conferences—they shape how we build safer, smarter systems for the future.
Always learning. Always securing.
– Sandeep