This fall, SecTor returns to Toronto, bringing together cybersecurity practitioners from both sides of the border to share insights on fast-moving threats and the playbooks that actually work in the wild. Few topics warrant that cross-border lens more than Scattered Spider, a financially motivated threat collective whose evolving tactics in social engineering and identity abuse continue to challenge defenders.

A new FBI Cyber Division alert warns that during a cyber incident, the attackers might be listening in on your organization’s every move. In a July 29, 2025 joint advisory, the FBI and international partners reported on the ongoing activities of the “Scattered Spider” threat actor.

Communication risk now carries a hefty price tag. More than $3.5 billion in fines have been issued due to recurring failures involving unrecorded business messages on platforms like WhatsApp and Signal. The SEC (Securities and Exchange Commission) has made its stance clear: No more do-overs. You will get penalized for using technology that bypasses regulations.

With rising threats to operational technology (OT) environments, energy companies are rethinking how they deliver their most sensitive cybersecurity alerts and threat intelligence feeds. When conventional communication pathways are compromised—or even just suspected to be—out-of-band communication can mean the difference between staying ahead of an incident and losing critical time.

In the energy sector, a cyberattack is more than just a technical crisis—it’s a high-stakes moment with far-reaching consequences. Beyond the immediate chaos of containment and remediation, there are legal repercussions, regulatory scrutiny, and reputational risks to manage.

What happens when the tools you rely on to manage a crisis become part of the problem? During a cyber breach, compromised communication channels can stall your incident response, expose critical remediation processes to adversaries, and create regulatory and reputational risks for your company.

Artificial intelligence (AI) is profoundly transforming the energy sector by enhancing operational safety, efficiency, and security, as highlighted in the 2024 CESER-DoE report. However, these advancements come with significant risks. Adversaries are using sophisticated tools to target essential infrastructure, making AI a double-edged sword.

The frequency and sophistication of cyber threats continue to escalate, posing significant risks to critical infrastructures, particularly within the energy sector. Fundamental to national security and economic stability, these organizations find themselves on the front lines of cyber defense.

Today’s digital world is constantly changing, with cyber threats becoming more complex and evolving rapidly. This presents significant challenges for businesses in all sectors, especially those operating within critical infrastructure. These threats don’t just affect the technical aspects; they also impact how an organization operates, its legal responsibilities, and its overall strategy.

In the wake of the Salt Typhoon breach, a sophisticated attack exploiting telecom infrastructure to intercept calls, texts, and metadata, the FBI has recommended that private citizens move their communications to end-to-end encrypted apps like Signal and WhatsApp to safeguard their privacy.