This exclusive interview with Phillip Wylie was conducted by Tabish Ali of the Motivational Speakers Agency.
Companies can spend thousands on cyber security and still leave the wrong door open.
That is the warning from Phillip Wylie, a cyber security expert and ethical hacker who says too many businesses mistake activity for protection. Vulnerability scans, phishing tests and awareness campaigns may look reassuring, but they do not always show what happens when a real attacker gets inside.
Wylie’s concern is not theoretical. He points to threat actors using overlooked devices such as web security cameras, printers and other IoT-connected systems to find new ways into organisations.
His argument is simple: if companies only test awareness, they may never know how much damage one wrong click, one exposed device or one missed weakness could cause.
In this exclusive interview with the Cyber Security Speakers Agency, Phillip Wylie explains where businesses are giving themselves false confidence, how hackers are changing tactics as defences improve, and why security teams need to keep learning before criminals find the gap first.
Question 1. Companies spend heavily on cyber security, but where are they still giving themselves a false sense of protection?
Phillip Wylie: “There are a couple of different things.
“One is their vulnerability management programme, where they’re doing vulnerability scanning and think that’s enough. With pentesting, they’re not using all the different methods to test.
“In some cases, companies will use software to do social engineering or phishing campaigns, but those don’t have a payload in them. So they’re really just testing security awareness.
“While that’s good, you really need to be testing using a payload to see what happens if someone accidentally clicks on one of those links that they shouldn’t click on.”
Question 2. Hackers are finding new routes into businesses through devices many companies barely think about. How are attackers adapting faster than organisations can defend themselves?
Phillip Wylie: “Threat actors have to continue to change the way they do things. It’s getting more difficult to get into organisations.
“One example was the Akira ransomware. They weren’t able to get a foothold in the environment.
“Threat actors are going to external devices like web security cameras, printers and different IoT-connected devices.
“They were able to hack that device, share a connection to one of the internal systems and then install the ransomware.
“They’re constantly having to alter the way they’re doing things because people are getting better at defending against them.”
Question 3. Businesses are under pressure to innovate quickly, but cyber threats are moving just as fast. How can security teams keep up without slowing everything down?
Phillip Wylie: “It’s twofold.
“Education is one part: being educated on the latest types of defensive techniques, as well as learning how threat actors are attacking.
“This is done through courses, education, webinars and cyber threat intelligence.
“If you’re keeping up with cyber threat intelligence and the latest news, you’re able to see what threat actors are using to exploit organisations.
“You’re able to stay ahead of the game.”
Question 4. Cyber security can sound technical and intimidating to most people. When you speak to audiences, what do you want them to walk away understanding?
Phillip Wylie: “One of the things I get a lot is that I’m able to explain complex topics so people can understand them.
“When I give my speeches, I want people to be able to understand and learn something from them, and enjoy them as well.
“I like my presentations to be enjoyable and not boring.
“One of the main things I want is for them to come away learning something.”
