What the Louvre heist tells us about security risks

Author: Ron Miller


On the 19th of October 2025 thieves managed to pull off an audacious theft of pieces of the French Crown Jewels from the Louvre Museum in Paris. Not only was this carried out in broad daylight, but it occurred during regular opening hours and took the gang less than eight minutes, of which a mere four minutes were spent inside the museum itself.

The subsequent investigation uncovered several glaring lapses in security that feel very familiar across a wide range of business sectors.

Reports noted that the surveillance system password was simply “Louvre”, several monitoring devices were running outdated or unsupported software, and system alerts showing failures had gone unresolved for long periods of time. To make things even more embarrassing for the museum management, these vulnerabilities had been highlighted in an audit conducted by France’s National Cybersecurity Agency back in 2014.

Other lapses which came to light included the revelation that only 39% of the museum’s rooms were monitored by CCTV and the cameras in the Galerie d’Apollon – the location of the Crown Jewels – were facing the wrong way.

To add insult to injury, the gang employed the simple ruse of wearing yellow and orange vests to disguise themselves as construction workers, a time-honoured cover that is still capable of deflecting the attention of staff and security.

Those findings mirror security challenges often found in business environments today. For example, it’s not unusual to find critical servers still running Windows Server 2003, building management systems using Windows 10 or earlier, and dashboards showing high-severity vulnerabilities that haven’t been remediated. Add the prevalence of weak credential practices on top of that, and the risk builds up quietly over months or even years.

What makes these situations risky isn’t any one single issue; it’s the combination of weak passwords, unsupported infrastructure, and unresolved vulnerabilities, all compounded by poorly implemented physical security and the lack of a coherent, comprehensive set of tools that, in turn, fails to provide an informative overview of the risk environment. When these gaps pile up, they create openings that are easy to overlook until something goes wrong.

Don’t let your organisation’s physical and cyber security vulnerabilities result in malicious exploitation.

Better understanding your risks is the first step towards resilience. Our flexible vCISO solution gives you access to experienced security experts who help you develop your security strategy, providing the foresight and confidence needed to meet today’s rising regulatory expectations.

Ron Miller, Cyber Security Principal Consultant, has over 25 years’ experience helping organisations across sectors and sizes in the UK and internationally to strengthen security and build resilience.

He has co-developed several British and international standards in business continuity and information security.
