Endpoint Security
,
Events
,
Fraud Management & Cybercrime
Phosphorus Cybersecurity’s Phillip Wylie on Asset Inventory, Password Hygiene
Security teams’ success in hardening endpoints and implementing robust detection systems has triggered an unexpected consequence: threat actors pivoting to IoT devices to infiltrate corporate networks. This shift represents a fundamental change in attack methodology, as cybercriminals increasingly view connected devices as a potential entry points.
See Also: Live Webinar | Resilience in Crisis: Recovering Your Minimum Viable Company Fast
“The Akira ransomware gang couldn’t get a foothold because the endpoint detection systems were preventing them, so they exploited a camera-loaded malware on it,” said Phillip Wylie, xIoT security evangelist at Phosphorous Cybersecurity. “They were able to do an SMB share to the network … IT and cybersecurity were not thinking this is a risk.”
The irony lies in organizations’ misplaced trust in their own hardware. Security teams often overlook IoT devices as potential threats, failing to apply basic security measures such as credential rotation or vulnerability patching that would normally protect traditional IT systems.
In this video interview with Information Security Media Group at RSAC Conference 2025, Wylie also discussed:
- Why shadow IT practices undermine air-gapped protections for OT systems;
- How basic password hygiene remains elusive for connected devices;
- The critical role of asset inventory in IoT security programs.
Wylie has more than 27 years of industry experience in IT and cybersecurity. He is also a former Dallas College adjunct instructor and founder of The Pwn School Project and Defcon Group 940. Wylie’s experience spans multiple cybersecurity disciplines, including network security, application security and pen testing.