In the evolving landscape of cybersecurity, the fortification of endpoints and the deployment of sophisticated detection systems have inadvertently driven cybercriminals to shift their focus toward Internet of Things (IoT) devices. This transition marks a significant change in attack strategies, as connected devices become increasingly attractive targets for threat actors aiming to penetrate corporate networks. Phillip Wylie, xIoT security evangelist at Phosphorous Cybersecurity, highlights this emerging threat, illustrating how cybercriminals like the Akira ransomware gang are adapting by exploiting IoT vulnerabilities after being thwarted by robust endpoint defenses.

Wylie recounts how the Akira group, unable to breach endpoint security, resorted to deploying malware on a network-connected camera. This allowed them to access the network via an SMB share, a strategy security teams had not anticipated. This scenario underscores the irony of organizations’ overconfidence in their hardware, as IoT devices often remain unsecured due to neglected security measures like credential rotation and timely vulnerability patching, which are standard for traditional IT infrastructure.

During an interview with the Information Security Media Group at the RSAC Conference 2025, Wylie elaborated on several critical areas of concern. He addressed the risks posed by shadow IT practices that compromise air-gapped protections for operational technology (OT) systems. Wylie also emphasized the importance of basic password hygiene for connected devices, a simple yet often overlooked security measure, and stressed the crucial role of maintaining an accurate asset inventory in bolstering IoT security programs.

Wylie’s extensive background, with over 27 years in IT and cybersecurity, lends authority to his insights. As a former adjunct instructor at Dallas College and the founder of initiatives like The Pwn School Project and Defcon Group 940, his experience spans various cybersecurity domains, including network security, application security, and penetration testing. His expertise provides valuable perspectives on the shifting dynamics of cybersecurity threats and the proactive measures necessary to counteract them.

The conversation with Wylie serves as a reminder of the evolving nature of cyber threats and the need for organizations to continually reassess and update their security strategies. As IoT devices proliferate, they represent both an opportunity and a vulnerability, necessitating vigilant security practices and a comprehensive understanding of the network landscape to protect against these emerging attack vectors.