Cybersecurity Today
Episode: October Cybersecurity Month in Review: Insider Threats, AI’s Role, and Cybercrime Trends
Date: October 4, 2025
Host: Jim Love
Panelists:
- Tammy Harper (Flare)
- Laura Payne (Waketuque)
- David Shipley (Bosera Securities)
Overview
This October "month in review" episode brings together leading cybersecurity experts to discuss the evolving threat landscape as Cybersecurity Awareness Month begins. Topics include the resurgence of ransomware groups (notably Clop), the growing sophistication in cyber extortion tactics, the complex role of AI (both as a tool and a threat), misreporting in industry press, the human aspect of security (scams and insider threats), and insights into recent and upcoming cybersecurity industry events.
Key Discussion Points & Insights
1. Cybersecurity Month Plans and Industry Events ([00:41]–[14:39])
- Revival of Industry Events:
- Jim Love announces the planned revival of “Maple Sec” and the reinstatement of “CIO of the Year” awards, highlighting the importance of peer-driven recognition in security leadership.
- “If you’re a CISO and you’re not a member of CIO Can, you’re missing out… this organization is run by CIOs and CISOs.” — Jim Love [01:25]
- Conference Experiences:
- Tammy, Laura, and David share highlights from attending Sector (Canada’s largest cybersecurity conference) and the upcoming BSides Toronto, emphasizing the value of community, live audiences, and networking outside traditional vendor channels.
- “I think the only swag that I took from Sector was the white toque from Whitetuque.” — Tammy Harper [11:48]
- Concerns About Event Content:
- Overemphasis on “agentic AI” in conference sessions leaves some practitioners disengaged; a desire remains for more human-centric and grassroots research talks.
2. The Effectiveness of Security Awareness and Media Misrepresentation ([02:46]–[11:09])
- Phishing Training Debate:
- David recounts giving a talk defending security awareness programs, countering the narrative (spread by misinterpreted research and “irresponsible” journalism) that such efforts are ineffective.
- “Some of these folks are medical doctors and they’re trying to tell me that education doesn’t work. That’s fascinating, buddy. Clearly your education was worth something.” — David Shipley [04:11]
- Impact of Misinformation:
- Both Jim and David criticize journalists for fueling skepticism, noting the importance of accurate, nuanced reporting in cybersecurity.
- Research Insights:
- Shipley’s ongoing “Why People Click” study (6,293 respondents) reveals that most click behaviors are not tied to simple work patterns, which suggests deeper psychological or organizational factors at play.
3. AI’s Expanding Role — Promise, Hype, and Social Impact ([08:27]–[14:39])
- Surge in Social Engineering via AI:
- AI is increasingly enabling sophisticated online deception, complicating organizations’ ability to maintain a shared sense of digital “truth”.
- Disillusionment with AI Marketing:
- Many practitioners express fatigue over tech vendors’ exaggerated AI claims—“Agentic AI has become the new zero trust.”
- Voice & Identity Spoofing:
- The panel emphasizes urgent needs for process controls and “code word” procedures, given the accelerating threat of real-time audio deepfakes.
- “You have instructions... get code words in place now, because this is going to run and I don’t think it’s going to take very long, Tammy, for one of these groups to grab a hold of this and just run the table with it.” — Jim Love [35:14]
4. Ransomware & Data Extortion: The Clop/Oracle Case Study ([18:27]–[31:23])
- Clop’s Evolution and Supply Chain Threats:
- Tammy explains Clop’s shift from ransomware attacks to data extortion and its partnership with the private groups FIN7 and FIN11, focusing on exploiting file-sharing and ERP applications (notably Oracle EBS).
- “Clop functions a little differently… They are mainly a data extortion and a data broker at this point.” — Tammy Harper [18:31]
- Industry Response and Doubt:
- Oracle’s ambiguous public statements draw sharp criticism from the panel, who suspect a core vulnerability rather than isolated incidents.
- The panel notes the speed and scale are likely made possible by AI-aided exploitation.
- “Clop is actually a reference to like an insect bloodsucker parasite. At least these guys are really into honesty in their advertising.” — David Shipley [21:41]
- Criminal Groups’ Media Savviness:
- Ransomware gangs are adapting their public messaging, social engineering, and rivalries to manipulate the media ecosystem, even using Gen Z slang to confuse authorities.
- “They are very media savvy now and we have to be careful.” — Tammy Harper [26:55]
5. Cybercrime Group Rivalries & the “Shiny Hunters” Phenomenon ([24:13]–[31:23])
- Intergang Competition:
- Tammy describes how groups like “Scattered Lapsus$ Hunters” (a merger of Shiny Hunters and Scattered Spider) use public taunting and leaks to garner attention, sow confusion, and distract defenders.
- Criminal Ecosystem Evolution:
- Recognition of “insider” vs. “outsider” attacks, and the calculated use of media both to taunt law enforcement and to enhance extortion pressure on victims.
6. The Human Impact: Scams, Loneliness, and Romance Fraud ([31:23]–[36:22])
- Romance Scam Fallout:
- David shares a striking example: Gander International Airport is witnessing people arriving to greet online lovers who never existed—real-world heartbreak from romance baiting/catfishing.
- Highlights the escalating “loneliness epidemic” that cybercriminals exploit.
- “Imagine someone's entire world coming to a crash... And nothing seems more 2025 in terms of the human impact than that.” — David Shipley [33:13]
7. Insider Threats: Detection, Motives, and Physical Risks ([36:22]–[47:29])
- RBC Insider Case:
- Laura outlines a breaking case where a bank employee, for personal financial gain, abused system access to create fraudulent accounts and exfiltrate data, touching on insider threats and the difficulty of total trust.
- Insider risks go beyond malice: romance scams, coercion, blackmail, and single mistakes can escalate.
- “You may have a good person working for you who does one little thing wrong and can then be used by criminals for the rest of their career inside your organization.” — Jim Love [39:28]
- Physical Security’s Revival:
- As cybercrime groups increase physical intimidation and violence, security strategies must merge digital and physical monitoring and response.
- David notes the growing necessity for collaboration between cybersecurity, criminology, and law enforcement.
8. Process Controls & Security Fundamentals ([41:00]–[46:44])
- Importance of Process over Tech:
- Panelists repeatedly stress that robust, enforced procedures (e.g., dual controls for funds transfer, vaults that cannot open after hours) are the most effective defense against both digital and physical crime.
- Business Email Compromise (BEC) is cited as an example where process trumps technical controls.
9. Ethics in Cybercrime: The Daycare Breach ([48:29]–[50:56])
- Daycare Data Extortion in the UK:
- Laura recounts the disturbing seizure of children's data by criminals for extortion. The cybercriminal community itself denounces attacks on children, threatening ostracism for violators—a rare line most will not cross.
- “Other cybercriminals vowed to dox them and to go after them because it’s the same thing with like real-life criminals, like kids are off limits.” — Tammy Harper [49:04]
- Achievement in Deterrence:
- No ransom was paid, showing principled resistance, even as some criminals make grudging “respectful” comments about the boldness of attacks.
Notable Quotes & Memorable Moments
- On the value of layered defenses:
  “We need layers of defenses, and that includes people. And yes, it’s tricky, it’s hard, it’s not as easy as binary ones and zeros, but it is valuable. And to wholeheartedly dismiss it is irresponsible.” — David Shipley [05:54]
- On security training and box-checking:
  “Bad training doesn’t work. Stop the presses.” — Laura Payne [10:17]
- On AI-powered threats and the need for code words:
  “Substitute my voice for your son, your daughter, your whatever... get code words in place now, because this is going to run and I don’t think it’s going to take very long.” — Jim Love [35:14]
- On insider threats and coercion:
  “You could have good people who get fished in by a romance scam, who are... just blackmailing them. And they’re smart people who are going after these folks.” — Jim Love [39:28]
- On process over technology:
  “The biggest cybercrime out there is business email compromise. And the best defense for it, not an AI, it is process.” — David Shipley [46:44]
Timestamps for Key Segments
- Cybersecurity Month Initiatives: [00:41]–[04:00]
- Security Awareness & Media Irresponsibility: [04:00]–[08:27]
- AI’s Impact & Conference Culture: [08:27]–[14:39]
- Clop Ransomware: Tactics and Oracle Exploit: [18:27]–[23:45]
- Ransomware Group Rivalries & Manipulation: [24:13]–[31:23]
- Scams & Real-world Consequences: [31:23]–[36:22]
- Insider Threat—RBC Case: [36:22]–[41:00]
- Physical Security and Controls: [41:00]–[46:44]
- Daycare Breach & Cybercrime Ethics: [48:29]–[50:56]
Final Thoughts & Panel Wrap-up
- Awareness, Process, and Fundamentals:
- The panel closes with calls to focus on security foundations: human-centered awareness, process-driven controls, and not losing sight of the real-world impacts of digital crime.
- Tammy previews her upcoming research-based talk on the future of cybercrime, stressing the importance of measured, empirical analysis over “sci-fi” speculation.
This episode stands as a comprehensive, candid conversation about the changing face of cyber risk as observed in October 2025, with critical reflections for practitioners, leaders, and the wider security community.
