Author Archives: Ish Singh

Executives Decoding Cybersecurity

Thursday, April 13, 2023
11:30AM – 1:30PM
Morton’s The Steakhouse, Orlando, FL

What You Can Expect to Learn:

The Current State of Cybersecurity Threats

Organizational Cyber Risk Mitigation

How to Recover from a Cyber Attack (Preparedness and Recovery)

We’re an IT services provider who is fully immersed in the world of alternative investments and the latest advancements in technology. And because the service and performance we provide are built on commitment and trust, you’ll clearly benefit as a result.

At Thrive, our difference is our people and the talents that they possess. Our seasoned team of technology professionals focus their skills on serving the demanding needs of some of today’s leading alternative investment firms across the globe. Their expertise and knowledge is available as a service to help you plan, implement and assess your overall technology strategy. Think of Thrive as your Talent as a Service solution.

DOWNLOAD PDF

Migrating to the Cloud isn’t always a simple undertaking. There are many considerations any organization must address when it contemplates migrating data and applications from its on-premises solution into a Cloud environment.

Thrive not only has the experience and resources to guide you through the migration process, but also the managed service offerings to help you optimize and manage your applications once they get to the Cloud. Our Cloud analytics tools can determine optimal memory, CPU, and storage tier needs to ensure that your Cloud services are right-sized for predictable billing and performance.

DOWNLOAD Cloud Migration PDF

Guide to Cloud Migration

A goal for any government agency looking at the Cloud is fairly straightforward: cut waste, and enable employees to deliver services to the public faster and better. Choosing a reputable Cloud services provider is crucial for the government and law enforcement agencies migrating to the Cloud. To minimize risk and maintain the security of critical information, be sure that the Cloud provider you choose has a lead agency sponsor or that the Criminal Justice Agency (CJA) has completed a site security checklist.

The first thing a government agency may want to consider is finding a CJIS-compliant Cloud provider that can work within their budget. Many Cloud providers adhere to the consumption-based billing model, meaning that the amount an organization pays can vary wildly from month to month. For government agencies operating on a
strict budget, such fluctuations are not acceptable.

DOWNLOAD CJIS Compliance PDF

This checklist PDF outlines the 3 different paths to becoming CJIS Compliant in Florida (though many states utilize a similar process). Checklist 1 will walk you through becoming compliant internally. Checklist 2 will walk you through becoming compliant with a Cloud vendor that is not yet sponsored by a leading agency. Checklist 3 will walk you through how simple it is to become CJIS-compliant with a lead agency-sponsored vendor like Thrive.

Thrive is a leading provider of outsourced IT infrastructure. Thrive delivers comprehensive managed services and unmatched expertise to drive secure digital transformation. Thrive’s unique combination of industry experts, an automated technology platform, and the Thrive5 Methodology provides customers with a strategic advantage as they look to secure, scale, and succeed.

DOWNLOAD CJIS Checklist

Your firm’s IT goals need to result directly from your business goals – not the other way around. Think about it. When was the last time you actually considered how your business goals interrelate with your IT goals?

The right IT partner will be able to make the connection between your business needs and your technology needs. Be realistic about what your business goals are and communicate them clearly to your IT partner, who should be able to create a solid strategy tailored to your alternative investment business.

DOWNLOAD Our Buyer’s Guide Today!

Cybersecurity breaches and data privacy/transparency issues are on the rise. Notably, adapting to COVID-19 forced many companies to bypass certain cybersecurity controls,¹ which contributed to a 141% jump in breached records globally in 2020 compared to 2019.²

The SEC thus identified this as one of its 2021 priorities and has proposed rule amendments to improve cybersecurity risk governance disclosures.³

Thrive’s cybersecurity solutions can help secure both your data and your assets. Employing both proactive and preventative measures, our cybersecurity consulting and solutions reach well beyond typical reactionary support. Early detection means we’re able to stay ahead of growing and ever-evolving cyber threats—and protect your business. Cybersecurity is a sound investment in your firm’s future.

Taking a good hard look at your current cybersecurity posture now can help secure a solid future in many ways, including:

• Building investor confidence
• Gaining a thorough security vulnerabilities assessment
• Going into Investor audits fully prepared
• Ensuring ongoing financial regulator compliance

Early detection means you’re able to stay ahead of growing and ever-evolving cyber threats—and protect your business. To learn how our team can build customized cybersecurity solutions for your firm, contact us today.

1. Source: EY, October 2021, “How cybersecurity risk disclosures and oversight are evolving in 2021”
2. Source: Risk Based Security report, January 2021. Based on roughly 3,900 publicly reported breaches globally in 2020.
3. Source: The National Law Review, September 2021

By Christian Wilmot, Client Technical Manager – EMEA

Effective collaboration is critical for organizations pursuing digital transformation. Gartner estimates that almost 80% of workers used collaboration tools in 2021, up from just over half in 2019 — a 44% increase.

COVID-19 and the subsequent shift to a remote workforce have accelerated this adoption. According to Christopher Trueman, principal research analyst at Gartner, “a long-term hybrid workforce model, cloud-based, personal and team productivity technologies, along with collaboration tools, will form the core of a series of new work hubs that meet the requirements of various remote and hybrid workers.”

Microsoft has responded by enhancing the collaboration capabilities of Microsoft 365. The ubiquitous cloud-based service (formerly Office 365) now allows users to share and edit the same documents together — all in real-time.

Real-Time Co-Authoring

Many users have experienced a common roadblock when editing a document in Microsoft 365: “The document is locked for editing by another user.” This automatic message, a Windows file server version of control restraint, appears when multiple team members simultaneously require access or editing rights to the same documents.

With real-time co-authoring in Microsoft 365, once documents are in SharePoint Online or OneDrive, multiple team members can work on the same document at any time without affecting each other’s changes. All edits are automatically saved to the cloud.

Real-time co-authoring addresses many of the issues associated with server-based document collaboration. For example, it helps eliminate multiple document versions by reducing attachment sharing.

Microsoft’s co-authoring capabilities also provide a streamlined user experience. Users simply open and edit a document from Sharepoint; if another user also has the document open, both can edit it simultaneously.

When a document is saved, other users receive a notification that there are new edits and can view those changes immediately. SharePoint Server’s versioning and tracking tools allow authors to protect document integrity by rolling back any unwanted changes.

Instant Notifications With The @mention Feature

Microsoft 365’s @mention is another powerful collaboration feature. Users commenting on a document or presentation can add the ‘@‘ sign with another person’s name, and that user will then receive an email notification with a link to the document. This enables multiple stakeholders to comment or work on the document in real-time.

Reaping The Benefits of Real-Time Collaboration

Even though much of the workforce continues to work remotely (or in hybrid models), organizations are still seeing significant benefits from real-time collaboration. These include:

Enhanced Productivity. By collaborating on a single shared cloud-resident document, users can eliminate the confusion and needless communication associated with managing multiple document versions.

Improved Knowledge Sharing. Simplified collaboration allows teams to capture the knowledge and feedback from all team members, regardless of location. Broader collaboration creates more team ‘buy-in’ and typically yields more effective results.

Increased Job Satisfaction. Real-time collaboration supports a culture of inclusivity, especially for remote workers who may feel isolated from their teams.

Cost Reductions. Legacy collaboration methods often require physical infrastructure (equipment and office facilities) or travel. Virtual collaboration eliminates much of the cost and logistics associated with traditional teamwork.

Extended Reach. Digital collaboration tools allow users to easily collaborate with other teams, even outside their organization. This extended collaboration could include contractors, vendors, and customers.

Optimizing Your Microsoft 365 Collaboration

While Microsoft 365 provides powerful tools to increase your collaboration and productivity, proper setup, configuration, and user training are critical to getting the most out of the platform.

At Thrive, our team is uniquely qualified to help you optimize your Microsoft 365 environment. As a Direct Reseller of Office 365 products and Global IT leader, our team of experts can advise you on the products and services to generate efficiency and improve performance in your organization. Our tailored solutions and deep-domain expertise make Thrive an industry-leading, award-winning MSP to the alternative investment industry.

To learn more about optimizing Microsoft 365’s enhanced team collaboration, check out Mastering Microsoft Teams or contact us here.

Most CEOs and CFOs in the financial industry will tell you that cybersecurity isn’t cheap. And it’s true — a recent study by Deloitte found that, on average, financial services companies spend 10% of their IT budgets on cybersecurity. A commonly held view among executives is that cybersecurity spending is an expensive precaution. The challenge for IT professionals is to help reframe that discussion with their C-level team and position cybersecurity as an investment, not an expense.

Balancing the Rewards and the Risks

The first question many C-level executives ask when allocating budgets is ‘how will this help grow the business?’ For example, CFOs will invest in increasing production, acquiring new customers, or bringing new products to market faster. At the same time, they’ll seek to contain costs in areas that don’t directly contribute to the revenue line.

A second and equally important consideration is risk. CXOs will ask, ‘what are the circumstances that could prevent us from achieving our business goals, and how do we minimize or eliminate them?’

There are many nuances to the risk discussion. What is the nature of the risk? Security risks can run the gamut from vulnerabilities in cloud platforms, web applications and email services to bad actors exploiting your environment from within. Next, how likely are risk events to occur? What are the financial and operational impacts? What will it cost to address them? Finally, do the benefits of mitigating the risks outweigh the costs?

IT professionals should be prepared to have fact-based discussions with their executive team when reviewing cybersecurity requirements. Industry-specific data, such as the frequency and impact of cyberattacks or the cost of downtime, is always helpful.

Assessing Cybersecurity Risks for Alternative Asset Providers

Here are four industry-specific facts that will help position the security risk discussion with your executive team:

Financial services firms are 300 times as likely as other companies to be targeted by a cyberattack. This finding from the Boston Consulting Group is echoed by the 2021 IBM X-Force Intelligence Report, which states, “Financial institutions experienced 23% of all attacks we analyzed in 2020, up from the 17% of attacks the sector experienced in 2019.”

The probability of a cyberattack is very high for financial services companies. A survey of the UK financial sector found that 70% of financial companies have experienced a cyber security incident in the past year.

The threat is escalating. Attacks targeted at the financial sector increased by 238% between February and April 2020, and ransomware attacks on the financial industry increased ninefold.

The costs are unbearably high. According to IBM, financial services cyberattacks in 2020 due to data breaches cost organizations an average of $3.86 million and took an average of 207 days to identify. Accenture projects that cyberattack on banks in 2020 and beyond will result in banks losing $347 billion, and capital markets will lose $47 billion by 2024.

Cybersecurity as an Investment

While the impact of cyberattacks is all too apparent for the financial industry, articulating the business benefits of cybersecurity can help C-level executives justify budget and resource allocations. These potential benefits include:

Reduced downtime. Ransomware attacks almost always result in downtime or service interruptions. A recent Ransomware Marketplace report found that the average ransomware incident lasts 16.2 days. Every organization calculates downtime costs differently, but for perspective, the Gartner Group estimates average downtime costs at over $300,000 per hour.

Brand Protection. No financial services company wants to be in the news for a services outage or significant data breach. A robust cybersecurity infrastructure can minimize the frequency and impact of attacks and help protect and elevate the organization’s brand.

Customer Retention. Effective cybersecurity protects a company’s greatest asset — its data. Customers are less likely to do business with an organization that has been compromised, and the reverse is true. If your company has an excellent cybersecurity track record, you’re more likely to retain and even grow your customer base.

Taking a Long-Term Approach

Aligning cybersecurity requirements with business objectives is only the first step in establishing an effective security infrastructure. Cyber threats are rapidly evolving, and external events can create new paradigms that impact security requirements.  Who would have thought two years ago that today, much of the financial workforce would be working from home?

It is essential to regularly assess your security strategy, priorities, and alignment with business objectives. Ongoing engagement with your executive team is critical, as is a proactive approach. Once a severe cyberattack impacts your organization, it’s too late.

Another proactive option for addressing risk is cyber security insurance. Also called cyber liability insurance, this is a policy that offers businesses a range of options to cover the expenses associated with data breaches and other cyber attacks. These can include costs for: recovering compromised data, lost income, notifying impacted customers, and restoring affected systems.

While cyber security insurance is not a solution that makes you whole, it will reduce potential expenses. Many cyber insurance plans also provide for pre-claim expenses to help mitigate a risk before it becomes an incident.

Partnering with a Trusted MSP

With the exception of larger funds greater than $8B AUM, most alternative investment firms operate without a CTO or CIO, and most funds under $30B AUM do not employ a CISO. Even those that do may not have the necessary in-house resources and expertise to develop and support a strong security infrastructure.

An experienced managed security provider (MSP) can offer services that you may not have the capability to carry out alone.  For example, vulnerability assessments can systematically review your environment for security weaknesses.  Penetration tests will evaluate your infrastructure by safely exploiting threats.  And risk remediation analysis (RRA) can reduce your susceptibility to a cyber attack from a range of tactics, techniques, and procedures (TTPs).

A valued MSP like Thrive NextGen is also well-versed in investor needs and concerns.  We help firms anticipate and respond to investor questions about cybersecurity and data protection requirements. Our experienced team has deep domain expertise in the alternative asset industry and can assist in aligning your security requirements with your business strategy and objectives.

With every decision, your C-level team must recognize and prioritize risk before you can reap the benefits. This is particularly true when assessing cybersecurity requirements. That’s why many leading alternative asset companies choose Thrive to help align business and cybersecurity requirements and keep their organizations secure.

Thrive offers the most effective, purpose-built solution for the alternative investment industry.  Contact Thrive for a free consultation about your cybersecurity strategy or to learn more about our CyberSuite offering.

By Ian Bowell, Head of Information Security – EMEA

Cybersecurity is now in the direct line of sight for executive management and boards in the alternative asset industry.  C-level executives have the power to act and ensure the investment in their IT strategy. An effective cybersecurity program can protect infrastructure against severe threats and eliminate potential reputational damage caused by bad actors.

A company board is charged with guiding and challenging the company’s senior leaders.  The board is in the right position to focus on opportunities in long-term, versatile cybersecurity planning.  A short-sighted, narrow plan of action should be challenged in this ever-changing landscape.

Board members have a strategic role to play in guiding opportunities for expansion and change in response to threats as well as challenging long-held assumptions.

Relevant questions are:

1. How are we responding right now to the threats affecting our industry?
2. Where does the leadership team see the business in 2025?
3. What can we do to move toward that vision?

However, it’s not so simple or complete. It’s a great step forward when top-level leadership is paying attention. There is still a lot to be done to quantify or address the risks in cybersecurity as well as demonstrate how an IT-based strategy can generate positive business outcomes. The investment is needed to raise the bar, and the wall, against the growing flow of vulnerabilities and opportunistic, well-planned hacking. Insider threat and exfiltration of data are other areas of concern with different indicators and protection tactics.

It’s great to recognize and identify the risk, but what should be done about it? What will happen if the board doesn’t act to fully eliminate or mitigate so many risks out there? There are two main approaches to evaluating cybersecurity requirements: maturity-based and risk-based and both are needed to function optimally.

Maturity-based approaches are great for a quick check across a very wide range of technical, and let’s not forget about physical, security challenges. Risk-based approaches are great for targeting specific prioritized areas, such as staff training, but one is not sufficient without the other.

Read more: Cybersecurity for a distributed workforce.

The maturity-based approach is necessary to cover all the ground and the risk-based approach can help prioritize the weakest areas, but both are needed to ensure a complete process. The maturity approach is useful when starting from scratch, or when facing a new environment, in need of assessment or update. The maturity approach also helps to feed the risk-based approach and roll up assessments across a company, enterprise, or organization with many entities, especially those recently acquired.

Often, a recent acquisition or series of acquisitions brings into focus the nature of cybersecurity as an investment risk, especially in the governance of ESG investors.  Here at Thrive Technology Group, we are partnering with our clients to help assess their cybersecurity risk and maturity ultimately leading to a positive impact on their investment portfolio.  Any firm in the alternative asset industry not sufficiently secure, and exploited by a cybersecurity attack, sees a significant market hit on the value of their company in the public and private markets. Thanks to mean reversion, this is also an opportunity for those ready to buy low and, subsequently, sell high, if the risk has been evaluated correctly.

Cybersecurity maturity changes over time, ideally improving from strategic planning by executive leadership and company boards.  The benefit of a cybersecurity training program or intrusion detection investment can jumpstart the path to a more secure future.  Thrive Technology Group is ready to take that first step with you in cybersecurity and be by your side for the journey.

Contact us to learn how you can succeed with Thrive.