Cross-Border Reality: What FBI/CISA and Canada’s Cyber Centre Agree On About “Scattered Spider”
This fall, SecTor returns to Toronto, bringing together cybersecurity practitioners from both sides of the border to share insights on fast-moving threats and the playbooks that actually work in the wild. Few topics warrant that cross-border lens more than Scattered Spider, a financially motivated threat collective whose evolving tactics in social engineering and identity abuse continue to challenge defenders.
FBI’s Latest Cyber Advisory and the Growing Mandate for Out-of-Band Communications
A new FBI Cyber Division alert warns that during a cyber incident, the attackers might be listening in on your organization’s every move. In a July 29, 2025 joint advisory, the FBI and international partners reported on the ongoing activities of the “Scattered Spider” threat actor.
The $3.5B Wake-Up Call: What SEC Messaging Fines Tell Us About Communication Risk
Communication risk now carries a hefty price tag. More than $3.5 billion in fines have been issued due to recurring failures involving unrecorded business messages on platforms like WhatsApp and Signal. The SEC (Securities and Exchange Commission) has made its stance clear: No more do-overs. You will get penalized for using technology that bypasses regulations.
For Your Eyes Only: Why Critical Alerts and Threat Feeds Must Go Out of Band
With rising threats to operational technology (OT) environments, energy companies are rethinking how they deliver their most sensitive cybersecurity alerts and threat intelligence feeds. When conventional communication pathways are compromised—or even just suspected to be—out-of-band communication can mean the difference between staying ahead of an incident and losing critical time.
Legal Pitfalls : Why Energy Companies Must Ditch Consumer Privacy Apps During a Cyberattack
In the energy sector, a cyberattack is more than just a technical crisis—it’s a high-stakes moment with far-reaching consequences. Beyond the immediate chaos of containment and remediation, there are legal repercussions, regulatory scrutiny, and reputational risks to manage.
Ensuring Operational Continuity During a Cyber Breach: The Role of Secure Out-of-Band Collaboration
What happens when the tools you rely on to manage a crisis become part of the problem? During a cyber breach, compromised communication channels can stall your incident response, expose critical remediation processes to adversaries, and create regulatory and reputational risks for your company.
Recovering from AI-Era Breaches: Why Energy Companies Need Secure Out-of-Band Collaboration
Artificial intelligence (AI) is profoundly transforming the energy sector by enhancing operational safety, efficiency, and security, as highlighted in the 2024 CESER-DoE report. However, these advancements come with significant risks. Adversaries are using sophisticated tools to target essential infrastructure, making AI a double-edged sword.
Under Cyber Siege? Here’s How to Coordinate Response Efforts Away from Prying Eyes
The frequency and sophistication of cyber threats continue to escalate, posing significant risks to critical infrastructures, particularly within the energy sector. Fundamental to national security and economic stability, these organizations find themselves on the front lines of cyber defense.
How to Safely Engage External Advisors During Cyber Incidents
Today’s digital world is constantly changing, with cyber threats becoming more complex and evolving rapidly. This presents significant challenges for businesses in all sectors, especially those operating within critical infrastructure. These threats don’t just affect the technical aspects; they also impact how an organization operates, its legal responsibilities, and its overall strategy.
Salt Typhoon Breach: Why the FBI’s Signal and WhatsApp Recommendation Is a Bad Idea for Enterprises
In the wake of the Salt Typhoon breach, a sophisticated attack exploiting telecom infrastructure to intercept calls, texts, and metadata, the FBI has recommended that private citizens move their communications to end-to-end encrypted apps like Signal and WhatsApp to safeguard their privacy.