Companies can spend thousands on cybersecurity and still leave the door open.
That is the warning from Phillip Wylie, an expert ethical hacker who has spent more than 28 years in cybersecurity and IT, working across penetration testing, red teaming, application security, network security and social engineering. His job is to think like an attacker before a real one gets there.
Wylie’s argument is blunt. Vulnerability scans, phishing tests and awareness training may make a business feel safer, but they do not always show what happens when someone actually clicks, lets in a payload, or gives an attacker a route through the network.
He has tested enterprise networks, wireless environments and applications, led red team exercises, co-authored The Pentester BluePrint, founded The Pwn School Project, and hosts The Phillip Wylie Show and The Hacker Factory Podcast.
In this exclusive interview with the Cyber Security Speakers Agency, Wylie explains where businesses are fooling themselves, why hackers are turning to overlooked devices such as cameras and printers, and why security teams need to test attacks properly before criminals do it for them.
Q1. Companies spend heavily on cybersecurity, but where are they still kidding themselves about how protected they really are?
Phillip Wylie: “There are a couple of different things.
“One is their vulnerability management programme, where they’re doing vulnerability scanning and think that’s enough. With pentesting, they’re not using all the different methods to test.
“In some cases, companies will use software to do social engineering or phishing campaigns, but those don’t have a payload in them. So, they’re really just testing security awareness.
“While that’s good, you really need to be testing using a payload to see what happens if someone accidentally clicks on one of those links that they shouldn’t click on.”
READ MORE: Hantavirus cases trigger worldwide health response
Q2. Hackers are constantly changing tactics. How are they exploiting new technology faster than companies can defend it?
Phillip Wylie: “Threat actors have to continue to change the way they do things. It’s getting more difficult to get into organisations.
“One example was the Akira ransomware. They weren’t able to get a foothold in the environment.
“So, threat actors are going to external devices like web security cameras, printers and different IoT-connected devices.
“They were able to hack that device, share a connection to one of the internal systems and then install the ransomware.
“They’re constantly having to alter the way they’re doing things because people are getting better at defending against them.”
Q3. Businesses want to innovate quickly, but cyber threats are moving just as fast. How can security teams keep up without becoming the department that says no?
Phillip Wylie: “It’s kind of twofold.
“Education is one part: being educated on the latest types of defensive techniques, as well as learning how threat actors are attacking.
“This is done through courses, education, webinars and cyber threat intelligence.
“If you’re keeping up with cyber threat intelligence and the latest news, you’re able to see what threat actors are using to exploit organisations.
“You’re able to stay ahead of the game.”
ALSO ON NJN: Film news: Florence Pugh to star in ‘The Midnight Library’ adaptation
Q4. Cybersecurity can sound technical and intimidating to most people. When you speak to an audience, what do you want them to walk away understanding?
Phillip Wylie: “One of the things I get a lot is that I’m able to explain complex topics so people can understand them.
“When I give my speeches, I want people to be able to understand and learn something from them, and enjoy them as well.
“I like my presentations to be enjoyable and not boring.
“One of the main things I want is for them to come away learning something.”
This exclusive interview with Phillip Wylie was conducted by Tabish Ali of the Motivational Speakers Agency.
READ NEXT: Vietnamese firm exports 1.1 million LSD vaccine doses to South Korea
Kamille Q. Cabreza 
John Christopher Aquino 
Simon Wilkes