Meet GI's Cybersecurity Champion: Angela Wu, Director, Threat Intelligence and Response, Connectivity Cybersecurity & Resilience Group, IMDA

This interview is part of GovInsider's inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.

Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does. 

As the Head of Department for the Threat Intelligence and Response (TIR) division at the Infocomm Media Development Authority (IMDA), I oversee three teams: Cyber Threat Intelligence, Digital Forensics & Incident Response, and Security Engineering.

My team’s primary focus is on protecting Singapore's Infocomm & Media sector from cybersecurity threats. We serve as the frontline defence, working with operators to prevent and mitigate these potential cyber threats.

In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing, and identity theft) in the public sector cybersecurity scene globally?

Based on our observations, there are some trends relevant to the Infocomm & Media sector:

• Attacks targeting network infrastructure devices such as firewalls, routers, and virtual private network systems. These attacks often exploit system flaws – including zero-day vulnerabilities – to gain full access or establish persistent backdoors. As these are proprietary systems, standard cybersecurity operations teams face significant difficulties in detecting potential compromises as they cannot effectively run traditional malware indicators of compromise searches or deploy standard Endpoint Detection Response (EDR) solutions.
• Threats against central management platforms that handle virtual machines. These platforms often suffer from multiple vulnerabilities: inadequate network segregation, weak privileged access management, lack of EDR capabilities, and susceptibility to both known vulnerabilities and zero-day attacks. When these platforms are compromised, threat actors can move laterally between virtual machines managed on the same platform.
• Ransomware and DDoS (Distributed Denial of Service) attacks. Organisations that haven't properly deployed and configured EDR systems are particularly vulnerable to ransomware attacks. For DDoS attacks, while implementing countermeasures are crucial, it's equally important to proactively test at-risk systems to ensure they can withstand such attacks.

Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view?

AI technology is being leveraged by threat actors in several concerning ways.

AI-powered tools are now capable of generating massive volumes of sophisticated phishing content. These are not the obvious, error-riddled phishing attempts of the past — instead, they are grammatically perfect, unique, and highly convincing messages.

To subscribe to the GovInsider bulletin, click here.

Additionally, we're seeing an increase in deepfake videos being deployed in scam operations, with AI making these increasingly difficult to distinguish from genuine content. These AI-generated materials are often used as vehicles for malware delivery.

Given that these attacks typically target large numbers of individual email accounts, organisations need to implement a two-pronged approach. First, there must be regular employee awareness and education about these evolving threats. Second, organisations need to develop and maintain robust process controls that can effectively validate authorised requests and prevent fraudulent transactions.

One effective mitigation strategy we've identified is proactive communication. When organisations promptly notify their customers about emerging threats and publish details of current phishing attempts and scams on their corporate websites, it significantly helps reduce the potential impact on both customers and suppliers.

What brought you to this profession and what do you love the most in your job and what would you like to improve?

My journey into cybersecurity was driven by a deep fascination with the constantly evolving nature of cyber threats. What drew me to this field was the challenge of developing and implementing preventive measures against new and emerging risks, as well as finding ways to address the potential impacts of these attacks.

What I find most fulfilling in my role is the opportunity to design and deploy preventive measures and detection systems that effectively counter high-risk threats. I enjoy the challenge of implementing security solutions that maintain their effectiveness while having minimal operational impact on our customers' day-to-day operations. This balance between security and usability is crucial in our field.

Looking ahead, I see one key area for improvement in our industry: the need for better information sharing and collaboration. I hope to see organisations become more open to sharing their experiences with cyber incidents and threats. Currently, there's often hesitation or reluctance to discuss security incidents due to fear or shame.

However, if organisations could overcome these barriers and collaborate more openly with other organisations and government agencies, it would create valuable learning opportunities for the entire cybersecurity community. Such sharing of lessons learned could help other organisations implement more effective preventive measures and reduce their risk of experiencing similar incidents.

If you had a chance to restart your career from scratch, would you still want to be cybersecurity professional and why?

Yes, I would still choose to be a cybersecurity professional. I find genuine enjoyment in studying and countering the evolving nature of threats targeting internet connected or standalone devices — as long it contains a processor. 

What makes cybersecurity particularly appealing is its versatility as a career. Since organisations worldwide use similar brands, systems, hardware, and software, the skills are highly transferable across different sectors. The main difference lies in how security incidents impact different organisations and their customers differently, which has allowed me to build a lifelong career where I can continuously learn and apply my knowledge across multiple countries and contexts.