Date of Webinar: July 24, 2025
Speakers: Colin Smith, Secure Cloud & Modern Work Practice Lead | Nuno Joaquim, Head of Enterprise Architecture and IT  

Summer may be beach season, but if you’re not careful, it can also be breach season. On July 24, we hosted a timely and eye-opening webinar titled “Day at the Breach,” a cybersecurity deep-dive revealing how just one phishing email can cause devastating ripple effects across your organization. 

Here’s what you missed, and what your organization needs to know.

The Bait is Getting Smarter 

Phishing isn’t new, but it’s evolving. As Colin Smith explained, phishing succeeds because it targets humans, not machines. That makes it the most successful and least automatic form of attack. Worse, AI is now helping attackers craft sophisticated, hyper-personalized phishing messages that mimic real HR requests, bank updates, or internal communications. 

Key takeaway: Humans are your biggest vulnerability, and your greatest defense. 

Real-Time Relevance: SharePoint Breach of 2025 

The webinar couldn’t have been timelier. Just days before, a zero-day vulnerability (CVE-202553770) in on-premise SharePoint (2016, 2019, and SE) was actively exploited, affecting everyone from airlines to government agencies. If your organization is still using on-prem SharePoint, you may already be at risk. 

Creospark Tip: Migrate to SharePoint Online and let Microsoft handle security at scale, or patch and harden your on-prem servers immediately. 

Anatomy of a Breach: What Really Happens 

Creospark’s Head of Enterprise Architecture, Nuno Joaquim, took attendees inside the mind of a hacker. Here’s what a typical breach looks like: 

1. Initial Compromise – A stolen password, malicious link, or misconfigured system. 
2. Dwell Time – Attackers silently observe, learn workflows and identify high-value targets. 
3. Exfiltration – Data theft, malware deployment, or further phishing from internal accounts. 
4. Detection & Containment – IT scrambles to stop the bleeding. 
5. Notification – Regulators, customers, and partners must be informed. 
6. Recovery – Systems get patched; backups restored (if they exist). 
7. Postmortem – Lessons learned. Security assessments. Hardening for next time. 

Recovery time: From 2 days to several weeks, depending on the size of the breach and your organization’s preparedness. 

What You Can (and Should) Do Today 

The best time to prepare for a breach was yesterday. The second-best time is now.  

Top security recommendations from the webinar: 

• Go passwordless or enforce MFA across your organization. 
• Regularly audit your Microsoft 365 environment for vulnerabilities.
• Back up your cloud data. It’s your responsibility, not just Microsoft’s. 
• Don’t ignore “minor” anomalies. They’re often red flags. 
• Train your employees to recognize phishing, verify sender emails, and question unusual requests. 
• Review app registration settings. An attacker can hijack accounts using hidden, scripted apps. 
• Partner with experts (like us!) to conduct security clarity workshops and assessments.

One Last Word: Communicate 

Breaches don’t just affect systems; they shatter trust. Be proactive and transparent with your customers, stakeholders, and internal teams. Silence or delay will only make things worse. 

Missed the Webinar? We’ve Got You Covered. 

Participants received a post-webinar bonus to help assess organizational readiness. If you missed out, stay tuned to our Events page for more security clarity workshops, or contact us for a personalized Microsoft 365 security assessment. 

Read more related blogs

• Waves, Shades & Cyberthreats: Avoid Breaches in the AI Era
• Are You Still Running SharePoint On-Premises Servers? Here’s Why You Need to Migrate to SharePoint Online — Before It’s Too Late