Penetration tester: In 2014, I can gain access to one server or workstation, and use it to traverse the entire network, unhindered at the network layer. I’m shocked that close-circuit television (CCTV) systems, alarm systems, building access control systems, and manufacturing process control systems are just “hanging out” on the corporate network for all to see. We know that we need to put our Internet-accessible servers into a DMZ, and that those DMZ assets should have little or no access to the internal network.”]
Source: https://www.csoonline.com/article/2134434/why-you-need-to-segment-your-network-for-security.html