Yihao Lim is dedicated to identifying and proactively addressing advanced cyber security threats. He has dealt with cyber espionage, financial crimes and hacktivists – and is driven to fighting ‘the bad guys’. So much so, that he is also contributing to craft the first Cyber Security for Critical Assets summit dedicated exclusively to the APAC region (CS4CA APAC) – where cyber security experts share practical tips and unite against their common enemy: cyber criminals. In the meantime, we caught up with Yihao to learn more about his job and how he keeps his spirits up while facing cyber crime:
Q: What gets you up in the morning?
A: Given the escalating severity of cyber-attacks, I am psyched up every morning knowing that my job directly correlates to protecting my customers in government or MNCs from bad guys. My purpose is more than just churning out a report – it is also knowing what threat actors do, how they can infiltrate organisations, and, from a cyber physical context, help prevent physical injuries or potential deaths in critical infrastructure organizations.
Q: How do you explain your job title to someone outside the cyber security industry?
A: I specialise in learning more about bad guys so that I can teach the good guys how to defend against them.
Q: What are some of the key recent shifts in the cyber threat landscape that you’ve been seeing, and what do you think they mean for cyber security?
Threat actors are rapidly evolving their tactics and exploring new channels of attack. Supply chain attacks have proven to be an effective means of infiltration and we see an increased rate of them occurring now.
In the cyber physical context, we have observed threat actors demonstrate greater understanding of the target environment, meaning they know their targets well before they even attack them.
Q: Is cybercrime evolving quicker than security?
Yes. That’s due to the general perception that (1) attacks are not targeted and threat actors are just spamming viruses to try their luck or (2) threat actors always use the same tactics / software on victims – hence companies are always playing catch-up to threat actors (hackers).
Cyber Threat intelligence could prove to be the game changer here, as its focus is to understand specific groups deeply – how they operate, what their motivation is, what they are after, and how organisations can better protect their crown jewels.
Q: What do the next 5 years hold for your industry?
We can foresee escalating severity and numbers of attacks, given the current IoT Boom and Cryptocurrency craze fuelled by the rapid digitalisation across the developing world.
Q: If you could change one thing about your work right now, what would it be?
I wouldn’t change anything. The rapidly evolving threat landscape is what motivates me to go into work everyday
Q: What is the best or worst security advice you’ve ever heard?
I can’t pick the worst from: “Antivirus will suffice, there’s no need for additional cyber security services” and “We are such a small company, no one will want to attack us.”
Q: What’s your favourite way to stay informed about cyber security?
Read, talk to industry partners, and talk to experts from other domains of cyber security.
#
Learn more about CS4CA APAC 2019 and secure your Early Bird delegate pass (save $200before July 25th) to meet industry leaders such as Yihao this September in Singapore.
