<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=306561&amp;fmt=gif">
Skip to content

Cybersecurity in the Age of AI: Adapting, Innovating, and Outsmarting the Threats

Singapore University of Social Sciences's Anthony Lim navigates emerging threats by balancing innovation, managing risks, and leveraging AI, people, processes, and continuous learning.

Adapting to Emerging Threats


In today’s fast-evolving cybersecurity landscape, how do teams stay updated and adapt to emerging threats and vulnerabilities?

Anthony Lim: In cybersecurity, we must recognise that we cannot protect everything all the time. The threat landscape is constantly changing, and so is our internal infrastructure, particularly with ongoing digital transformation and business activities. This dynamic environment requires us to prioritise our resources and decide what needs the most protection, while developing strategies to address the rest.

The key is conducting thorough risk assessments and staying updated on the latest tools and services available. To do this, it’s essential for teams to engage with industry peers, attend relevant seminars, and actively participate in professional networks. By learning from others in similar industries, we can understand how they’re responding to emerging threats.

It’s also critical to recognise that many breaches today aren’t the result of sophisticated cyberattacks but rather human or operational errors. Hackers often target these weaknesses, knowing that organisations have security measures in place but may overlook human lapses. This is why phishing has become the most common form of attack—cybercriminals exploit our vulnerabilities by manipulating users into revealing login credentials or clicking on malicious links.

 

The Impact of Emerging Technologies


How do you perceive the influence of emerging technologies like AI on cybersecurity, especially in terms of security considerations and practices?

Anthony Lim: AI is generating a lot of buzz these days, and while it’s still evolving, it offers great potential to transform cybersecurity. We can use AI to automate and accelerate key processes, such as threat hunting, issue correlation, and decision-making. Many cybersecurity products already incorporate AI, and as the technology matures, it will continue to enhance the capabilities of security teams.

However, it’s important to keep in mind that while AI can bolster defences, it also poses challenges. The bad actors are just as quick to leverage AI for their malicious activities, such as crafting highly convincing phishing scams or launching sophisticated ransomware attacks. As AI-driven threats emerge, defensive teams using AI may find themselves in a race to catch up.

 

Risks with AI Integration


Are there any additional risks or concerns you foresee in integrating AI into security practices? How do you mitigate these risks?

Anthony Lim: One of the main risks with AI in cybersecurity is the possibility of false positives or, even worse, false negatives. In high-pressure situations, such as a security breach, it’s crucial for the system to make accurate and timely decisions. AI systems, which rely on machine learning, learn from past data. However, they can struggle when faced with new, unfamiliar threats. This could result in incorrect decisions that either miss a threat or raise unnecessary alarms.

Another challenge is that AI algorithms require time to evolve, and data interpretation can be complex. Choosing the right algorithms is vital, as AI-driven systems are prone to mistakes and overgeneralisation. Despite these challenges, the technology is improving rapidly.

Interestingly, while AI benefits defenders, it equally empowers cybercriminals by enhancing their tools—whether through deepfakes or more advanced phishing tactics. Unfortunately, this puts cybersecurity professionals in a position of playing catch-up, trying to anticipate and respond to AI-powered attacks.

 

Alignment of Security Policies with Work Practices


Do your current security policies and tools align with the evolving work practices of your teams? How do you ensure this alignment remains intact?

Anthony Lim: This question has been discussed for over two decades, with the notion of cybersecurity as a business enabler (rather than a hindrance) gaining traction. Even before the term “cybersecurity” existed, balancing security with productivity was a challenge that often left cybersecurity teams, particularly CISOs, underappreciated and overburdened. Despite this, the alignment of security policies with business practices is improving, as organisations recognise the increasing scale and complexity of security threats.

The best way to maintain this alignment is through continuous communication and collaboration across IT, cybersecurity, business units, and executives. It’s essential for cybersecurity to be viewed as a legitimate business risk, similar to other concerns like profitability or market stability. By securing strong executive sponsorship and fostering political will, we can ensure that cybersecurity is integrated into the broader business strategy and not seen as an obstacle.

 

Continuous Learning and Improvement


What strategies or mechanisms does your team employ to facilitate continuous learning and skill development in response to evolving cybersecurity challenges?

Anthony Lim: Thankfully, many organisations now prioritise continuous learning and skill development in cybersecurity. This happens at two levels: technical staff training and broader employee awareness initiatives. Regular phishing tests and mandatory training sessions are crucial in raising awareness about common threats.

Various resources are available to support ongoing education, including government-backed programmes like CSA and IMDA, which provide valuable cyber safety tips and best practices. Organisations can also invest in advanced cybersecurity certifications, such as DPTM, CSA Cyber Trust Mark, and ISO-27001, to help bolster their cybersecurity frameworks.

In addition to formal resources, informal channels like online videos and industry forums offer a wealth of knowledge. However, it’s important to be discerning and choose resources from trusted sources to ensure we’re learning from the right experts.

 


Anthony Lim was a past speaker at CISO Singapore 2024 and we look forward to CISO Singapore FSI & CISO Singapore 2025! Stay tuned in for more APAC 2025 event details! 

 

Photo by Artem Bryzgalov on Unsplash