Final thought About the Author: Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions. She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.
One idea that continues to guide his leadership comes from his time at Microsoft. When he joined the company in 2008, he was struck by a powerful metaphor. If we sit in one boat, we must not only row well. We must also remain in …
Is the cyberattacks stronger than the cybersecurity? “No, stronger it is not. Quicker, easier, more seductive,”.
This is the sixth episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.
“The fact is, you have to do things for the current, but also the after. You must pay attention to people’s sensibilities. Even if we’re in a period of crisis, we mustn’t just have financial objectives, catering objectives or customer recovery objectives. We have to think about the well-being of our teams, to keep as many staff as possible. There’s no point in getting the business back on its feet if everyone leaves.”
My book is dedicated to encouraging companies to consider the human aspect in the context of cyber-attacks. But coaching has only been part of my professional practice for the past 4 years. For over 25 years now, my career has been centered on helping customers strengthen their data resilience. This scenario is freely inspired by one of my corporate clients …
In this episode, I will fictionize a cyberattack, but by suing what I call a winning scenario. A winning scenario is when a company consider security as a strategic priority. No discussion, security is part of the daily normality
Once upon a time, there was a company that had security in its DNA. Cyberattacks are one of the problems of the modern world, and preparing for this eventuality is a necessity. It also knows that the best is the enemy of the good, and that security requires more discipline than expertise.
This situation is beneficial for the company, which recognizes the crucial role of IT security and allocates the necessary resources to develop a robust cyber resilience strategy. This strategy is based on risk analysis. The company has developed clear and achievable security policies that balance business requirements and available resources. IT and IT security departments have sufficient resources, expertise, and equipment to detect risks, develop effective countermeasures, and prevent systems from becoming obsolete. All staff members receive customized cybersecurity training based on their job responsibilities. This training is based on a positive approach. This enables them to respond effectively to potential attacks through regular simulations. They also take a proactive and self-critical approach to assessing their own skills and processes. All levels of management participate in cyber crisis management workshops, with annual reviews and updates of the crisis plan.
This corporate vision will significantly reduce the risk of internal cyberattacks. Although no system is completely risk-free, a consistent and well-structured approach helps to reduce employee stress and anxiety, thereby promoting a positive and productive work environment. This further reduces employees’ motivation to harm the company.
In the event of an attack, it will likely be detected quickly thanks to the constant vigilance of the teams and the proactive approach of everyone involved. Well-established and consistently followed incident management protocols ensure rapid decision-making. System protection will always be the top priority. Effective crisis management, combined with a clear understanding of everyone’s responsibilities, ensures smooth and efficient internal and external communication. Even if the impact is more serious, the robust response and containment processes of a high-performing company will be triggered. After being quarantined and thoroughly examined by the emergency response team, an assessment of the environment and its readiness for production resumption is initiated, in accordance with rigorous procedures.
In the event of an emergency, a stand-alone backup version can be quickly implemented. This standard practice ensures that the process is carried out efficiently and meticulously. With detailed instructions on business operations, software applications, and their interconnections, restoration efforts will be thorough and organized.
These comprehensive measures, which include thorough planning and proactive testing, ensure a smooth resumption of business. In addition, by keeping customers and suppliers informed during this period, everyone involved can make prudent decisions.
In this case, no one is designated as a hero. Rather, cyberattack management is a top priority, deeply embedded in a culture of risk management and individual autonomy. As a result, a cyberattack is viewed as a manageable event rather than a crisis.
In this scenario, no individual is designated as a hero. Managing cyberattacks is a priority, rooted in a culture of risk-aware management and individual autonomy, making a cyberattack a manageable incident rather than a crisis.
This is a Hero-less narrative.
No Hero, no fall of the Heroes!
THINGS TO REMEMBER
In cybersecurity, it’s not if you’ll get breached — it’s when. So isolate, authenticate, replicate… and don’t forget: your backup is only as good as your last restore test.
Didier Annet is an Operational & Data Resilience Specialist and a Certified Professional Coach dedicated to empowering individuals and teams to navigate the complexities of an ever-changing digital landscape.
Find him on LinkedIn: Didier Annet
Learn more in his book:
📖 Guide de survie aux cyberattaques en entreprise et à leurs conséquences psychologiques: Que fait-on des Héros ? (French Edition) – Available on Amazon
English version:
“Survival Guide – The Human Impact of Cyberattacks and the Untold Story of Those Who Respond”
“What Happens to Heroes?”
Available on Amazon
CyAN is nearing the end of its spring 2025 mentorship programme. We extend a sincere thank you to our members who have agreed to contribute to the development of new talent entering the information security sector: Saba Bahgeri (Australia), Mohammed Shakil Khan (UAE), Mathew Nicho …
It affects Versa Concerto, an orchestrator and interface to configure and monitor Versa OS devices in Secure SD-WAN and secure access service edge (SASE) deployments. The flaw affects widely used software and poses a serious risk of remote code execution (RCE) without authentication – making it a top priority.
It has the highest possible CVSS score of 10.
This vulnerability allows threat actors to exploit exposed systems over the network, potentially gaining full control. The attack surface is broad, and with proof-of-concept (PoC) exploits already circulating.
Affected systems are commonly used in enterprise environments.
Exploits are trivial to deploy once a target is found.
The impact can range from data theft to full infrastructure compromise.
This is a wake-up call to stay vigilant, keep systems updated, and prioritize proactive vulnerability management. CVE-2025-34027 is not just another CVE — it’s a critical risk that requires immediate attention.
Let’s not wait for headlines. Secure your systems today!
You can find more information and details on the subject at the link below:
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.
VMware Cloud Foundation (VCF) is an integrated software platform developed by VMware that provides a complete solution for managing and operating a hybrid cloud infrastructure. It combines VMware’s compute, storage, networking, and cloud management services into a single automated platform.
VMware has stressed that there are no available workarounds for these vulnerabilities, making patching the sole effective method of mitigation.
Administrators using VMware Cloud Foundation 5.x are strongly advised to upgrade immediately to version 5.2.1.2.
For organizations running VMware Cloud Foundation 4.5.x, the recommended course of action is to follow the instructions outlined in knowledge base article KB398008.
Blackpoint created a list with further guidance that could strengthen our infrastructure resiliency:
Isolate Management Interfaces
Place ESXi and vCenter servers on a dedicated management VLAN. Avoid exposing them to the internet unless absolutely necessary.
Restrict Access to Management Services
Limit access to management interfaces to trusted IP addresses or subnets. Where feasible, block outbound internet access from hosts.
Harden Authentication and Access Controls
Use strong, unique credentials for all accounts. Disable SSH unless it is actively required.
Minimize Attack Surface
Disable any unused services and protocols—such as CIM, SNMP, SSH, or Web UI—to reduce potential entry points.
Secure and Test Backups
Store backups offline or in immutable object storage. Regularly test backup restoration processes to ensure reliability during an incident.
Official advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733
Further information on the CVE Trio: https://cybersecuritynews.com/vmware-cloud-foundation-vulnerability/y/
White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.
