Firms think they are cyber secure until one wrong click proves otherwise, expert warns
- Tabish Ali

The UK Government’s latest Cyber Security Breaches Survey found that 43% of businesses reported a cyber breach or attack in the past year. Phishing remained the most common attack type, affecting 38% of businesses and 25% of charities, and was also listed as the most disruptive attack type by 69% of organizations that had experienced a breach or attack.
Globally, the warning signs are just as sharp. Verizon’s 2025 Data Breach Investigations Report analyzed 22,052 real-world security incidents and 12,195 confirmed breaches, the highest number of breaches ever analyzed in a single DBIR. Verizon also reported that third-party involvement in breaches had doubled to 30%, while exploitation of vulnerabilities had surged by 34%.
That is the backdrop to Phillip Wylie’s warning. An expert ethical hacker with more than 28 years in cybersecurity and IT, Wylie has worked across penetration testing, red teaming, application security, network security and social engineering. He is also the co-author of The Pentester BluePrint, founder of The Pwn School Project, and host of The Phillip Wylie Show and The Hacker Factory Podcast.
In this exclusive interview with the Cyber Security Speakers Agency, Wylie explains why vulnerability scans and phishing tests can give businesses a false sense of safety, how attackers are exploiting overlooked devices such as cameras and printers, and why security teams need to test real-world attack paths before criminals do it for them.
Question 1. Businesses often think cyber security is covered because they scan for vulnerabilities and run phishing tests. Where are they still dangerously exposed?
Phillip Wylie: “There are a couple of different things.
“One is their vulnerability management program, where they're doing vulnerability scanning and think that's enough. With pentesting, they're not using all the different methods to test.
“In some cases, companies will use software to do social engineering or phishing campaigns, but those don't have a payload in them. So, they're really just testing security awareness.
“While that's good, you really need to be testing using a payload to see what happens if someone accidentally clicks on one of those links that they shouldn't click on.”
Question 2. Hackers are no longer only attacking obvious systems. How are devices such as cameras, printers and IoT equipment becoming routes into organizations?
Phillip Wylie: “Threat actors have to continue to change the way they do things. It's getting more difficult to get into organizations.
“One example was the Akira ransomware. They weren't able to get a foothold in the environment.
“So, threat actors are going to external devices like web security cameras, printers and different IoT-connected devices.
“They were able to hack that device, share a connection to one of the internal systems and then install the ransomware.
“They're constantly having to alter the way they're doing things because people are getting better at defending against them.”
Question 3. Threat actors are constantly adapting. What should security teams be learning now if they want to stay ahead of the next attack?
Phillip Wylie: “It's kind of twofold.
“Education is one part: being educated on the latest types of defensive techniques, as well as learning how threat actors are attacking.
“This is done through courses, education, webinars and cyber threat intelligence.
“If you're keeping up with cyber threat intelligence and the latest news, you're able to see what threat actors are using to exploit organizations.
“You're able to stay ahead of the game.”
Question 4. Cyber security can feel abstract until something goes wrong. What do you want audiences to understand before they become the next target?
Phillip Wylie: “One of the things I get a lot is that I'm able to explain complex topics so people can understand them.
“When I give my speeches, I want people to be able to understand and learn something from them, and enjoy them as well.
“I like my presentations to be enjoyable and not boring.
“One of the main things I want is for them to come away learning something.”
This exclusive interview with Phillip Wylie was conducted by Tabish Ali of the Motivational Speakers Agency.


















