JCSC News: Policy progress, ToolShell trouble, and the pitfalls of passwords
Plus how to sign up for the 2025 Channel Islands Cyber Security Conference
Dear reader,
This has been an interesting month, with activity varying from work to establish GCSC in Guernsey through to supporting a number of Jersey organisations to respond to SharePoint vulnerabilities. We’ve also seen the launch of consultation on Government’s cyber policy framework (more below), and following a meeting earlier this month of the Council of Ministers, Ministers have requested an amendment to the proposed Cyber Security Law, which officers are currently progressing with a view to lodging later in 2025. That may of course impact our timeline for engaging with you all in October on implementing the requirements for Operators of Essential Services (OES) but we will, of course, keep you updated on progress and any implications for delivery.
Coming back to SharePoint, globally a total of 396 compromised systems have now been identified following the widespread exploitation of the Microsoft SharePoint zero-day vulnerability ToolShell (CVE-2025-53770/53771). Eye Security, the Dutch company that discovered the global zero-day, analyzed 27,000 SharePoint servers between July 18 and 23 and confirmed the compromise affected at least 145 unique organizations across 41 countries.
Many commentators have noted that long-term, the number of affected organizations is likely to grow. The US was the country with the most successfully attacked organizations, making up 31% of the total. Mauritius (8%), Germany (7%) and France (5%) were also among those affected.
Jersey also uses SharePoint extensively, and at JCSC we work hard to protect our community when new critical vulnerabilities arise. To do this we ingest scanning data on Jersey’s public internet space and use a range of specialist tools to research which organisations might be impacted. We typically process some 60,000 potential issues on a monthly basis, each of which can have 30-60 data points associated with it. For last week’s SharePoint vulnerabilities we identified 6 highly vulnerable systems that had not already been addressed, and after discounting one as a false positive (sometimes different systems look alike) we contacted the organisations concerned, who took action as a result. Some turned off the service entirely, others did emergency upgrades. As of today, the number of known ToolShell compromised systems in Jersey is zero… yet of course we are only ever one vulnerability away from compromise.
Well done to those who acted promptly. If you are responsible for an organisation’s IT systems, my colleague James has written some helpful advice on what to do which you can find below.
Until next time,

PS. It’s that time of year again - get your tickets for the annual conference here!
New advice: How to protect your SharePoint server

Senior Analyst James McLaren
It’s likely by now you’ve heard about ToolShell, a series of linked vulnerabilities in on-premises SharePoint servers. While Microsoft have released a patch, ToolShell is being exploited in the wild.
In our latest advice, Senior Analyst James McLaren explains:
how Jersey businesses are affected
how you can identify if you’ve been impacted
how you can protect yourself in the future
Upcoming events
Cyber Security Policy Framework consultation period
At the 2024 Cyber Security Conference we highlighted Government’s plan for an updated Cyber Security Strategy - the previous one dating to 2017. That has developed into a new Cyber Policy Framework.
Consultation is currently open on the Cyber Security Policy Framework, which Government describes as “designed to set out the Island’s ambition to be a high-performing economy with a resilient digital ecosystem that supports the economy and reduces the impact of cyber crime on Islanders”.
You can respond to the consultation by email, in writing, or online via the Government of Jersey website.
The consultation is open until 2 September: you can find more details via the Government of Jersey website.
Lunch and Learn sessions

Places are filling up fast on our Lunch and Learn sessions, so don’t miss out:
Thursday 7 August: Small businesses and charities - WAITLIST ONLY
Friday 5 September: Financial and professional services - LIMITED AVAILABILITY
Monday 3 November: Hospitality
Tuesday 2 December: Small businesses and charities - WAITLIST ONLY
As always, you can join us in person at 1 Seaton Place, or via Teams. These sessions are designed for people who aren’t cyber security specialists, and focus on basic controls that can prevent some of the most common cyber attacks.
Can’t make these sessions? Want a bespoke session for your organisation or industry? Just email us at [email protected] to request another session.
Channel Islands Cyber Security Conference - Thurs 16 October
Booking for the 2025 Channel Islands Cyber Security Conference is open. Join us and the Channel Islands Information Security Forum (CIISF) on Thursday 16 October for a range of speakers including:
Deputy Moz Scott, Assistant Minister for Sustainable Economic Development
Rob Shapland (Cyonic, as seen on BBC and ITV)
Andy Compton (Cortida Ltd)
Peter Bassill (Cyber Defense)
Matt Palmer (JCSC)
Have you subscribed to Cyber Bytes?
Don’t forget, you can still subscribe to Cyber Bytes, our alternative newsletter. If you need a more accessible introduction to basic cyber security concepts, Cyber Bytes can help.

You’ll receive a regular email update with actions you can take to improve your cyber security, even if you don’t have IT support.
You can choose to subscribe to Cyber Bytes, this newsletter, or both by voting in the poll below. If you ever want to unsubscribe from either email in the future, you can use the unsubscribe link at the bottom of the email.
And if you don’t vote, don’t worry: you’ll remain subscribed to this newsletter.
Which type of information are you most interested in?
Cybersecurity in the news
Microsoft patches on-premises SharePoint vulnerability
We’ve had some contact from Islanders concerned about whether they’re affected by this zero-day exploit. The good news is that this only affects people using on-premises SharePoint Servers, and it has now been patched by Microsoft - any organisations with their own installs who have not patched yet should do so urgently.
One weak password sinks UK transport company
While password hygiene is old news to cyber security professionals, this report from the BBC makes clear that passwords (and user behaviour around them) are still a weak point. It’s good to see the NCSC working with non-trade media outlets to raise awareness of something many of us have been talking about for years.
On the subject of passwords…
A great way to avoid being vulnerable to a password compromise is MFA. The good news is that we’ve just published a new article explaining how it works, and why it matters.
Jobs in Cyber
Project Officer (Cyber Security) - JCSC, Guernsey (12 month FTC)
To support the delivery of Guernsey Cyber Security Centre (GCSC) and our operational requirements while the project is under way, we are currently hiring a temporary Project Officer to be based in Guernsey. The role holder will be good at completing and finishing tasks with strong attention to detail, enjoy engaging with and delivering for the local Channel Islands community, and welcome the opportunity to work with a diverse pan-island team. Cyber security expertise is not required for this role.
Senior Manager: Cyber Risk Advisory - PWC
This role would suit someone with experience of leading teams, managing cyber security projects, and managing client relationships.
Senior Security Consultant - Prosperity 24/7
This role would suit someone with a relevant degree and certifications, and experience of consulting and people management.
Are you recruiting for a cyber role locally? Tell us at [email protected] and we’ll share your job listing with the community.
Learning and Tools of the month
Each month, we provide a round up of tools that our team have found useful, and which could be useful to cyber security professionals. If you’ve found a helpful tool you’d like to share, please email us and we’ll include it in a future newsletter.
TOOL: S3 access summary
You can now easily check which of your Amazon cloud S3 buckets has external access enabled. Publicly-accessible buckets are an easy target for a hacker, so this new summary makes it easier to protect yourself.