Why SharePoint’s Vulnerability Demands Board-Level Attention 

A global cyberattack has put thousands of organisations at risk this summer, targeting one of the most widely used workplace platforms – Microsoft SharePoint. 


By exploiting critical flaws in the on-premises version (CVE-2025-53770 and CVE-2025-53771), attackers were able to take full control of vulnerable servers without any login credentials. From government agencies to major corporations, the breach has affected organisations across multiple sectors.

With NIS2 about to tighten cybersecurity requirements, the cost of being unprepared in terms of both risk and compliance has never been higher.  

What “On-Prem” Means 

Running systems “on-prem” means the organisation keeps them in its own server rooms instead of using cloud services. This is still common in: 

  • Public sector (government agencies, municipalities) due to legal and security requirements. 
  • Manufacturing and infrastructure, where local control is critical. 
  • Private companies that still depend on older, integrated systems. 

When you run on-prem, your organisation is fully responsible for keeping systems updated, monitoring for intrusions and reacting quickly to incidents. If updates are delayed, attackers can exploit vulnerabilities before defences are in place. 

NIS2 Changes the Rules 

The EU’s NIS2 directive sets stricter requirements for many public and private organisations, including: 

  • Reporting major security incidents within 24 hours.
  • Reporting significant vulnerabilities that could impact essential services, even before they are exploited.
  • Having the ability to detect and stop attacks quickly.
  • Keeping systems up to date with security updates for known vulnerabilities.

Meeting these requirements is not optional. NIS2 makes the board and executive team directly accountable for ensuring the right processes, controls, and resources are in place. 

The SharePoint case shows exactly why these rules matter: attackers moved faster than updates could be applied, and, in some cases, the real damage occurred before the patch was installed. 

What We Can Learn from This 


Microsoft released a security patch but, in this case, it did not fully resolve the issue. Attackers who had already gained access could still maintain control through stolen cryptographic keys or hidden “backdoors”. Patching alone could therefore give a false sense of security, which highlights the need to combine updates with key rotation, forensic analysis, and thorough threat hunting.

  1. Apply security patches (updates) immediately – but first verify and investigate whether the vulnerability has been actively exploited. Even if a patch stops new attacks, it will not remove an attacker who is already inside, as seen in the SharePoint case.
  2. Change passwords and security keys if there is any risk they have been stolen (this prevents attackers from using stolen credentials to get back in).
  3. Search for hidden malicious code (backdoors) that attackers might use to return later (these are secret ways into the system that bypass normal security).
  4. Document and rehearse your incident response plan so you can meet reporting requirements and act quickly under pressure (knowing exactly what to do saves valuable time during an incident).
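One concrete way to carry out step 3 above is a baseline file-integrity check: capture a hash manifest of a web-facing template directory from a known-good state, then compare the live directory against it after an incident and hand any new or altered server-executable files to a human for review. The script below is an added example, not code from the article or from Advisense; the directory layout, file names and contents in `demo()` are constructed for the demonstration, and the script is not tied to any particular product.

```python
"""Baseline file-integrity check for a web-facing template directory.

Added illustration for the "search for hidden malicious code" step: compare
the files currently present under a directory with a known-good hash
manifest captured before an incident. New or modified server-executable
files (.aspx, .ashx, .asmx, .dll, .config) are reported for review.
The directory, file names and contents in demo() are constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# File types that execute server-side in IIS/ASP.NET and therefore matter most.
EXECUTABLE_SUFFIXES = {".aspx", ".ashx", ".asmx", ".dll", ".config"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map of relative path -> SHA-256 for every file under root (the known-good baseline)."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def find_deviations(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the live tree with the manifest.

    Returns {"added": [...], "modified": [...], "removed": [...]}. Only
    server-executable suffixes are reported under "added" to keep noise low;
    any modified or removed baseline file is reported regardless of type.
    """
    current = build_manifest(root)
    added = [
        p for p in current
        if p not in manifest and Path(p).suffix.lower() in EXECUTABLE_SUFFIXES
    ]
    modified = [p for p, digest in current.items() if p in manifest and manifest[p] != digest]
    removed = [p for p in manifest if p not in current]
    return {"added": sorted(added), "modified": sorted(modified), "removed": sorted(removed)}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a directory, then simulate a drop and a tamper."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "LAYOUTS"          # constructed directory name
        (root / "sub").mkdir(parents=True)
        (root / "start.aspx").write_text("<%@ Page %>good\n")
        (root / "sub" / "helper.js").write_text("// static asset\n")
        (root / "sub" / "web.config").write_text("<configuration/>\n")
        manifest = build_manifest(root)       # taken before the incident

        (root / "unexpected.aspx").write_text("<%@ Page %>new file\n")  # new executable page
        (root / "sub" / "notes.txt").write_text("harmless\n")           # new non-executable, ignored
        (root / "start.aspx").write_text("<%@ Page %>changed\n")        # tampered existing page
        (root / "sub" / "helper.js").unlink()                           # removed baseline file
        return find_deviations(root, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In practice the manifest would be generated from a freshly installed, fully patched system (or from vendor-supplied hashes) and stored off the server, since an attacker with server control could otherwise rewrite it; the comparison is a starting point for investigation, not proof that a system is clean.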

 
Rapid detection, thorough investigations, and coordinated response require oversight and decision-making at the highest level, not just within the IT department. 
 

How Advisense Can Help Your Organisation

With our extensive experience in cybersecurity and regulatory compliance, Advisense can help you prepare for incidents like this and meet the new NIS2 requirements by: 

  • Reviewing your current security and identifying weak spots. 
  • Business continuity and recovery planning – ensuring operations can continue during and after an incident. 
  • Supplier and third-party security assessments – verifying that your supply chain meets security requirements. 
  • NIS2 compliance readiness – building processes, documentation, and controls to meet regulatory obligations. 
  • Incident response training and simulations – combining staff training with realistic tabletop exercises to ensure everyone knows their role and can act effectively under pressure. 

Conclusion


The SharePoint case is not just about a vulnerability – it has been actively exploited in real-world attacks. It is a reminder of how quickly threat actors can take advantage of weaknesses and how much damage they can cause if detection and response are too slow. This incident also proves that patching alone is not enough; without thorough investigation and remediation, attackers can remain in the system even after updates are applied.
 
Under NIS2, organisations will face stricter requirements for detection, incident reporting, and risk management: areas where board-level leadership is accountable, and where Advisense’s expertise ensures clients can respond effectively and remain compliant.

Schedule your session today and take a proactive step toward NIS2 compliance.

Jonas Blomqvist

Director, Cyber & Digital Risk

Ebba Rehnstam

Associate
