Dwell Time, Zero Days, and the Rate of Change

2–9–2026 (Monday)

Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.

I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.

Today is Monday, February 9, 2026, and we’ll start by congratulating the Seattle Seahawks on their Super Bowl victory yesterday, and hope they get a chance to rest, recover, and enjoy being World Champions before the parade (which will, no doubt, be held in the rain because Seattle).

This week, we’ve got a couple of stories about velocity, and then a reminder of the need to think through “contingency mode” operations.

Dwell Time, Zero Days, and the Rate of Change

There was a story that broke late last week about a ransomware attack at US-based payments provider BridgePay. Their own status page tells quite a story - it started noting degraded performance on one part of their infrastructure at 3:29 AM. Within a half hour, two others were also listed as degraded, and then it was hard down about two hours from the first sign of disruption.

By 6:34 AM - just three hours after the initial signs - the company posted that they “are currently experiencing a system-wide service disruption. We have identified that this outage is related to a cybersecurity incident and are actively investigating with our internal teams and external specialists including the FBI.”

As of this morning, they do not have an update on status or ETA for returning, but have noted that it’s ransomware (which we should give them some credit for).

They also say “No card data was compromised and any file that may have been accessed was encrypted” (which would be a PCI requirement, thankfully), and that they “remain committed to transparent communication” - which we’ll keep an eye on moving forward.

The takeaway for us here is a few things:

  • Attacks happen fast, and they don’t always happen during business hours. It’s not uncommon for me to encounter a client who has a small team responsible for security monitoring and response. Even if you’ve got a “pager duty” style rotation, you’re going to be no match against an attack like this at 3 AM.

  • Early intervention reduces blast radius. Like the previous point, you’re going to have to move fast before this thing spreads. Like, automatic, no human intervention required fast. So if you don’t have auto isolation playbooks built out for both endpoints and servers, put some effort into that.

  • Have backups and test restoration plans. This company is going into their fourth full day of the incident, and doesn’t even have an ETA. This tells me that they likely didn’t have great backups, didn’t have a great plan or practice on restoring from them, or both.

All of these elements are within our control, and will help us defend against ransomware attacks, hardware failures, AWS outages, and any other number of things that are likely to crop up as we continue to operate in 2026. Please do these basics - they’re important, and will help you when the chips are down.

The other story worth flagging this week is an announcement from Anthropic about some capabilities that their new Opus 4.6 model has achieved, namely identifying “more than 500 previously unknown high-severity security flaws in open-source libraries with little to no prompting.”

Even if that’s a bit of marketing inflation, there’s real value in being able to find and fix these things before attackers do. That said, we’ve also created a race condition where this technology can be used by threat actors to find and exploit the holes, as well.

What we need to do, then, is accelerate not only our vulnerability identification capabilities, but also our ability to patch them. Can AI help with this? Of course, but we also need to test, confirm it’s not breaking anything else with the changes, and roll it into our existing CI/CD pipelines.

While we’ve got some powerful tools at our disposal, we’re also still human. Story of the year, it would seem.

Fundraising

From a fundraising perspective, another week with modest numbers totaling about $8.7B in newly committed capital.

I did catch an article about a PE fund in London, OpCapita, winding down operations after 20 years. We heard tell towards the end of last year that many firms were raising their last fund, but just didn’t realize it. Maybe this is a one-off, maybe it’s the tip of the iceberg. We’ll just have to wait and see!

A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and now sign up for our monthly newsletter, the Intentional Dispatch.

We’ll see you next week for another edition of the Intentional Brief.

Links

https://cybersecuritynews.com/bridgepay-ransomware-attack/amp/

https://status.bridgepaynetwork.com/incidents/mgg52286dn24

https://archive.md/AaH1A

https://www.bleepingcomputer.com/news/security/payments-platform-bridgepay-confirms-ransomware-attack-behind-outage/

https://www.axios.com/2026/02/05/anthropic-claude-opus-46-software-hunting

https://www.privateequityinternational.com/opcapita-after-20-years-closes-shop-as-founder-jackson-plans-to-relocate/
