What Happens When Resources Go Away?
7–21–2025 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, July 21, 2025, and while ransomware and zero-days continue, we’re going to zoom out a bit and focus on the meta-message here in an effort to get better-prepared.
What Happens When Things Go Away?
While the Citrix Net Scaler (having been dubbed “CitrixBleed2”) continues to see exploitation in the wild, the weekend was dominated by a newly discovered vulnerability in Microsoft SharePoint.
This vulnerability, too, also has a name - being called “ToolShell”. CISA and Microsoft published a joint alert on Sunday, indicating just how much impact this might have - though it only impacts on-premise SharePoint servers, a diminishing number given the push to SharePoint online has been happening pretty aggressively for a decade or more.
The vulnerability, according to this release, “provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.”
Not great.
The Washington Post in their coverage calls this a “Global Hack” noting that at least two Federal agencies as well as several state-level groups here in the US have been impacted.
The article also notes Microsoft’s flubbing of the initial suggested remediation, writing “After first suggesting that users make modifications to or simply unplug SharePoint server programs from the internet, the company on Sunday evening released a patch for one version of the software. Two other versions remain vulnerable and Microsoft said it is continuing to work to develop a patch. The company declined to comment further.”
Which brings us to a good question for us to ponder as we continue to face uncertainty ahead: what happens to our business if these tech resources simply go away?
Netflix pioneered some work in this area with their approach to “Chaos Engineering,” writing a tool called Chaos Monkey. This service pseudo-randomly plucks a server from our production deployment on AWS and kills it.
Now, I’m not suggesting you start running around killing services or flipping switches or pulling out cords from the back of boxes, but I do think it’s worth putting some planning around these notions of availability.
It’s no longer far-fetched that your SharePoint instance could suddenly become unavailable. In fact, in the WaPo article, they flag “One state official in the eastern U.S. said the attackers had “hijacked” a repository of documents provided to the public to help residents understand how their government works. The agency involved can no longer access the material, but it wasn’t clear whether it was deleted.”
Obviously, information sharing is vital in fighting these threats - and even that might just go away one day. Politico notes that discussion around a law known as “CISA 2015” - or the Cybersecurity Information Sharing Act - “a bill to make it easier for companies to share personal information with the government, especially in cases of cyber security threats” - has stalled, and the law may not get renewed in the current legislative session and would expire at the end of September.
Again, planning for when capabilities simply go away is no longer a hypothetical. If you haven’t put the time in to think these things through, start with the most business critical elements, and work out from there:
How long could we be without this resource?
What would the alternative operations look like?
What are the knock-on effects of this outage?
What communications - both internal and to customers - should happen?
Take these steps towards resilience now, and stick with them. Once the outage has happened, it’s too late.
Fundraising
From a fundraising perspective, another solid week also featuring nearly $20B in newly committed capital, including a couple of very strong raises from:
Stone Point Capital, a PE firm focused on financial services, closed Trident X with $11.5b, $2.5b larger than its last fund; and
Neuberger Berman closed NB Strategic Co-Investment Partners V with over $2.8b.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://www.cve.org/CVERecord?id=CVE-2025-53770
https://www.washingtonpost.com/technology/2025/07/20/microsoft-sharepoint-hack/
https://netflixtechblog.com/chaos-engineering-upgraded-878d341f15fa
https://en.wikipedia.org/wiki/Cybersecurity_Information_Sharing_Act