• Get Matched

Cybersecurity Trends 2025: Insights from Helen Yu

November 11, 2024

Sergei Dubograev

by Sergei Dubograev, VP of Development, Clutch

Helen Yu, CEO of Tigon Advisory Corp., dives deep into the latest threats and game-changing defense moves, sharing what businesses need to do to keep their data and operations safe in a world of constant new challenges. Get ready for some serious insights!
 

helen yu

 

In this video, you’ll learn: 

Search for industry-leading cybersecurity companies on Clutch. Read client reviews to find the perfect partner for your upcoming development or IT initiatives.

Helen’s Unconventional Path: From Finance to Cybersecurity

Helen, before we dive in, maybe take us a little bit through your story and how you began in your career in cybersecurity?

Helen Yu: [00:00:24] I began my career as an accountant and financial analyst, then transitioned to tech as a Hyperion consultant after leading an implementation. I designed financial planning applications in Seattle and, after Hyperion's acquisition by Oracle, managed their consulting practice and became a senior solution architect. This experience refined my marketing and SaaS skills at Adobe and Marketo.

In 2017, I founded a company offering fractional CXO services. A pivotal moment came in 2019 when I delivered a keynote, "Getting Cyber Effect," at the International Risk Management Conference in Zurich, igniting my passion for cybersecurity. I enrolled in MIT's cybersecurity program, recognizing the urgent need for effective solutions, which led to my partnership in Managed Security Services and role as Vice Chair and Technology Board Director for the Global Cybersecurity Association.

How to Stay One Step Ahead: Proactive Cybersecurity in 2025

So in 2025, I know with security changes, people are playing way ahead. What should organizations really look for to be proactive in next year?

Helen Yu: [00:02:31] Let's look at the top eight cyber attacks in 2024: phishing, ransomware, denial of service, man-in-the-middle, SQL injection, cross-site scripting, zero-day exploits, and DNS spoofing. For 2025, I anticipate more AI-driven threats: AI-powered phishing, deepfake voice fraud, adaptive malware, coordinated massive attacks, automated threat hunting, and easier credential stuffing. To prevent these, businesses should understand their threat landscape, organize priorities, measure risks, improve tech defenses, and build a security-first culture. Ensure everyone is cyber-aware, not just IT. Train all employees and partners. Have an incident response plan. Consider outsourcing and sharing best practices within your ecosystem.

Finding the Perfect Partner: What to Look for in Outsourced Cybersecurity

After an audit, what key factors should organizations consider when outsourcing cybersecurity, especially regarding integration and trustworthiness?

Helen Yu: [00:08:04] I love that question, Sergei. As an adventurer, I always check every door and window before leaving, even with a neighbor watching. Imagine if everyone knew the digital doors and windows in an organization. The challenge is securing so many points, making awareness critical.

Sometimes we don't do this, so consider outsourcing. A third party can help build awareness and identify vulnerabilities. Consider: internal expertise (cybersecurity has 17 main categories; outsource for specific needs), growth (outsourcing allows focus on growth while maintaining security), global coverage (24/7 service where needed), compliance (legal counsel for different regulations), and core business focus (leave security to experts). These are key considerations when outsourcing.

Are there any considerations on the technical alignment between an outsourced firm and a company that maybe you have some advice on?

Helen Yu: [00:11:35] When working with customers as a third party, first align goals. IT and business teams often have different priorities due to varying perspectives. Ensure the third party understands objectives from both sides. For example, if expanding e-commerce, tailor services to protect online transactions and data. Assess compatibility with existing IT infrastructure, considering integration with current systems like CRM or ERP.

Clearly define roles and responsibilities for both internal and outsourced teams, avoiding the misconception that third parties handle everything. Establish clear communication channels using tools like Slack or video meetings. Prioritize data security and compliance, ensuring providers follow industry standards. Consider scalability for future needs and develop an incident response plan. Focus on ongoing training and support, ensuring third parties follow internal standards as well.

Cybersecurity Myths: The Biggest Misconception to Ditch

Is there one major misconception that people need to overcome just to stay aligned with what could help and protect their security?

Helen Yu: [00:14:49] 85% of cyber attacks stem from human error, challenging the misconception that cybersecurity is solely IT's responsibility. This miss can be really dangerous if you think about it. You have to make sure cybersecurity is a shared responsibility that requires involvement from everyone in the organization.

I came across a Comp TIA report recently that said, “40% of people say that technical staff lead security conversations, but only 36% indicate CEO involvement, and just 25% involve business staff.” Think about how this lack of engagement can result in incomplete risk assessment and weak security measures.  

My advice to companies is to understand the thread landscape and come up with an inventory list of what needs to be protected, who is responsible for what, and where you have the most vulnerabilities. Step two would be to organize your cyber management responsibilities through a framework like NIST, and measure risk exposure. Improving technical defenses is crucial, as is fostering a security-first culture involving all employees. Comprehensive training, including for third parties, is essential. Never click a link where you don’t know who it is coming from.

Understanding the implications of ethics, compliance, and regulations in cybersecurity is crucial, especially globally. This holistic approach to cybersecurity, combining technology, people, and processes, helps organizations better protect against evolving threats.

Rapid Fire Round: Helen’s top apps, podcasts, and more!

If you could keep one app on your phone, what would it be?

Helen Yu: [00:18:29] I would say the contacts app where I can keep friends and family members' contact information.

What's your go-to podcast if someone wants to learn a little bit more about cybersecurity?

Helen Yu: [00:18:44] Yeah. I actually recently joined the National Association of Corporate Directors, so I've been listening to “Board Vision” and they talk about cybersecurity quite a bit. I like to switch things up. I don't usually just go to one, I also listen to the Wall Street Journal’s “The Future of Everything.”

If you weren’t in cybersecurity, what career would you have?

Helen Yu: [00:19:26] If I weren't in tech or cyber, I'd be writing novels and creating those sci-fi stories. I'm fascinated by this concept of cyborgs and how technology intersects with humanity. And so exploring these themes in fiction would be a thrilling journey for me, crafting narratives that really blend imagination with futuristic possibilities. I love writing. I write almost every single day.

What's one word that describes the future of cybersecurity?

Helen Yu: [00:20:01] “Adaptive” because it captures the need for cybersecurity to continuously evolve in response to new threats and technologies. The ability to adjust strategies and defenses is so critical for staying resilient in an ever-changing landscape.

About Helen Yu, Founder of Tigon Advisory Corp.

Helen Yu is the CEO and founder of Tigon Advisory Corp, a top expert in growth strategy and digital transformation. With a proven track record of helping companies scale and navigate complex challenges, Helen is passionate about bridging the gap between technology and business. She's a sought-after keynote speaker and author, known for her insights on cybersecurity, innovation, and sustainable growth.

Interviewed by: Sergei Dubograev, VP of Development, Clutch

Related Articles More

Mobile Commerce Trends 2025: Revolutionizing How We Shop
The Ethics of AI: What You Need To Know Before You Automate
Bias in AI: What Devs Need to Know to Build Trust in AI