The China Threat
4–14–2025 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, April 14, 2025, and we’re going to tackle the largest issue on the macro threat landscape head on today and talk about China.
The China Threat
Longtime viewers of this show will know that we often remind you to focus on your controllables, realize that you’re not going to defeat a nation state, and not get distracted by these large movements that none of us, individually, can control or influence.
That said, it’s not the same as asking you to ignore the obvious or bury your head in the sand, and the news we’ve seen about China in the past week or so needs to be talked through.
Of course, we’re all seeing news about the escalating trade war featuring tarriffs now exceeding 100% on both sides of this conflict, but we also saw some other China-specific cyber news this past week that’s worth digesting.
First, there was a report in the Wall Street Journal that China has privately admitted to conducting attacks on US Critical Infrastructure. The reporting contains a few particularly interesting notes, including the fact that this disclosure was made in December to the outgoing Biden administration, and that it was done in response to the US support for Taiwan - indicating a potential political tie to the activities.
From the article:
“The conclusion of American officials after the meeting was that the cyberattacks were meant to scare the United States from getting involved in a potential conflict between China and Taiwan.”
This is important when you now realize that we’re in an even more pressing conflict with China over trade, that could spill into other domains.
This, in fact, was the message in an article in The Register last week, with multiple security professionals expressing concern about how China might retaliate using these same capabilities.
This, of course, follows on from Reuters reporting last month that Chinese intelligence operatives are targeting laid off Federal workers, and news from Bloomberg that the Office of the Comptroller of the currency reported to Congress that they’ve been breached for more than a year, exposing emails of 103 bank regulators during that time.
At the same time, the Cybersecurity Infrastructure & Security Agency - CISA - who is charged with defending against these very threats, is reportedly facing cuts of half of its full-time staff and 40% of its contractors as early as this week. This comes on the heels of an Executive Order from President Trump targeting the former head of CISA, Chris Krebs, with retribution for his assertion that the 2020 elections were not, in fact, manipulated in any way.
So what should we make of all of this? Like I said - we can’t fight China, and we can’t set CISA policy. But we also can’t ignore the fact that tensions are high, defenses are being reduced, and we’re increasingly likely to be caught in the crosshairs.
This is your warning to make sure you get to all those things that have been on your to-do list, all the things you know you should be doing to tighten things up but just haven’t mad time for yet, all of those little tweaks and improvements that will move the needle.
It’s MFA, it’s training and awareness, it’s backups and recovery, it’s patching. None of it is glamorous, but it’s more necessary now than ever - and the window is closing, whether we’re defending against the threat from China, or other threat actors looking to take advantage of the environment we’re in.
Let’s get to it.
Fundraising
From a fundraising perspective, we saw more than $14.5B in newly committed capital last week, led by Pantheon, raised $5.2b for its third private credit secondaries fund
Speaking of secondaries, the Financial Times writes that secondaries funds are poised to strike with a headline that read “Private equity is more stuck than ever — and secondaries will benefit” - coming in on average at 75 cents on the dollar when they offer PE funds cash for existing stakes - which is not a bad starting point for a big return.
The article, of course, notes that it takes dry powder to pull the trigger on these deals, which is why we track fundraising weekly. Expect to see more and more of these funds coming together.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://www.securityweek.com/china-admitted-to-us-that-it-conducted-volt-typhoon-attacks-report/
https://www.theregister.com/2025/04/10/trade_war_reaches_cyberspace
https://therecord.media/trump-administration-planning-workforce-cuts-at-cisa
https://www.nbcnews.com/tech/security/us-cyber-defenders-shaken-trumps-attack-former-boss-rcna200597
https://www.ft.com/content/35b0c461-cf6d-49f0-a541-b798415c0c5b