Author Archives: Maria Koblish

Top 5 Observations from the 2023 Verizon DBIR

In 2023, it’s imperative to know what your business is up against in order to begin securing your data and ensuring the success of your business. With 83% of breaches involving financially motivated external actors, 74% involving a human element of social engineering attacks, errors, or misuse, and 50% (double of last year) of those social engineering attacks being pretexting incidents, it’s been time for organizations to pay attention and get ahead.

In the rapidly evolving landscape of cybersecurity, these stats are not just numbers but an indication of the rising severity of cybercrime. Staying ahead of the latest threats and vulnerabilities is paramount for organizations. The recently published Verizon Database Breach Investigations Report (DBIR) provides valuable insights into the importance of fundamental security measures. 

Below we will detail the 5 most important observations from the report and how the right cybersecurity services can assist organizations in addressing current and potential security failures; including the significance of unique passwords, multi-factor authentication (MFA), user training, timely patching, and more.

  • Combatting Business Email Compromise and Ransomware

Verizon’s DBIR reveals a concerning rise in Business Email Compromise (BEC) attacks, with a nearly 50% increase compared to the previous year. Protecting your organization starts with addressing the basics. Thrive offers comprehensive security solutions that enable the implementation of strong passwords, MFA, and user training programs to enhance resilience against BEC attacks and ransomware.

  • Prioritizing Timely Patching and Software Bill of Materials (SBOM)

The report emphasizes the importance of prompt patching, especially in the context of vulnerabilities like the Log4j vulnerability. Verizon highlights the significance of having a Software Bill of Materials (SBOM) to expedite vulnerability identification. Thrive’s advanced patch management system enables organizations to stay ahead by proactively addressing vulnerabilities. Our services offer enhanced response time and risk reduction associated with vulnerabilities.

  • Strengthening Security with Multi-Factor Authentication (MFA)

Stolen credentials and vulnerabilities account for almost 24% of breaches, as highlighted by Verizon’s report. Implementing MFA is crucial in safeguarding user accounts. Thrive offers a robust MFA framework, supporting various authentication factors, including password security, biometrics, and hardware tokens. By leveraging MFA, organizations can fortify their security defenses against credential theft and significantly reduce the risk of successful cyberattacks.

  • Cultivating a Culture of User Awareness and Training

End-user training plays a vital role in combatting cyber threats. Verizon emphasizes the need to educate users on identifying phishing and social engineering attempts as a second line of defense if and when systems fail. Thrive enables end users to have power over their data,  equipping employees with the knowledge and skills to recognize and mitigate potential threats. By fostering a culture of cybersecurity awareness, organizations can empower their workforce to be the first line of defense against cyber attacks.

  • Embracing Proactive Patch Management

Verizon’s report highlights the persistent challenge of delayed patching – with an average delay of 49 days, organizations of any size can’t risk that type of security gap. Thrive emphasizes the importance of a standardized patch cycle to ensure timely remediation of vulnerabilities. By leveraging our Vulnerability Management Solutions and patch management capabilities, organizations can proactively address vulnerabilities, reducing the window of opportunity for cybercriminals to exploit weaknesses.

The 2023 Verizon Database Breach Investigations Report re-iterates that while the flashy attacks attract the news organizations, the basics of using unique passwords, forcing users to use MFA, and training users to spot phishing and social engineering attacks will go a long way to protect your organization. As the threat landscape continues to evolve, Thrive stands ready to help companies go back to the basics while also being a trusted partner in navigating where to turn next in your security journey, such as an AI-enabled cybersecurity mesh architecture. Contact Thrive to set up a consultation and learn more. 

Police Departments Need to Partner with Private Sector Cybersecurity Experts to Thwart Attacks and Prevent Ransomware Crises

Law enforcement agencies are under attack. Increasingly they are a new favorite target for cybercriminals. Judicial entities and law enforcement agencies are having to defend themselves against faceless criminals to protect the highly sensitive data in their possession, including personal information on officers, civilians, criminals, judges, prosecutors, ongoing investigations, closed cases, and more. A breach of this type of private information is highly attractive for bad actors that want to leverage it for extortion, monetary gain, and other potentially devastating consequences like preventing officers from performing their duties effectively, influencing court proceedings, and ultimately jeopardizing the safety of individuals and communities. 

Security failures of this magnitude can result in significant liability and undermine the trust and confidence of constituents within these agencies, and their ability to function on behalf of the public. Cybersecurity teams within law enforcement agencies are under new and growing pressures due to an expanding vulnerability attack surface. The pace and complexity of these threats, the expanding number of point solutions, vendors, and increasing amounts of data make the entirety of a public sector CIOs effort harder to keep pace with.

Sprinkle in a dozen or more frameworks and continually evolving regulations that the public sector has to comply with, it quickly becomes impossible to ‘go it alone’ as a security strategy.

In particular, police departments are coping with a lack of internal training and protocols, outdated systems, and a historical shortage of IT personnel creating internal urgency to prioritize the protection of their classified data. Outsourcing data protection to a private sector cybersecurity expert is an effective, fast, and sustainable approach to combating cyber threats. 

Finding A Partner That Can Protect Public Sector Security Infrastructure

A managed service provider (MSP) can function like a cybersecurity SWAT team. From strategy development to solution implementation and maintenance, finding the right partner to help operations is essential, especially in light of the onslaught of attacks on the astronomical volume of sensitive data being generated by connected devices in an always-on world. A recent prediction shows the current 15 billion devices operating globally will balloon to 30 billion devices in 2030– all generating data, all allowing for infrastructure vulnerabilities. 

At Thrive, our cybersecurity experts can help law enforcement agencies effectively manage risks in a cost-efficient, timely manner. Through a comprehensive IT solution offering that includes multi-factor authentication, data encryption, and backup and recovery services, Thrive is proving essential to dozens of local and state police departments; preventing data loss and minimizing the impact of cyberattacks.

Thrive’s team of expert personnel has years of experience in cybersecurity and IT and provides round-the-clock monitoring and support, as well as regular vulnerability assessments and penetration testing, to identify any potential weaknesses and ensure that networks are protected before hackers can even strike. 

Protect and serve takes on new meaning.

Cyberattacks against federal, state, and local law enforcement agencies will continue to grow. Thrive’s cybersecurity experts are ready to help safeguard your networks and the communities you serve. Contact Thrive to learn more.

Riding Out the Storm: Protect Your Data With DRaaS this Hurricane Season

As hurricane season approaches, businesses face the daunting task of safeguarding their critical data amidst the potential chaos. The impact of hurricanes extends beyond physical damage, posing a significant risk to valuable data. With 13 named storms forecasted between June 1 to November 30, 2023, it’s important to think ahead of this hurricane season and consider acting proactively with Thrive’s Disaster Recovery as a Service (DRaaS)

Hurricanes unleash havoc, leaving a trail of destruction in their wake. However, it’s not just physical structures that bear the brunt; business productivity can also be swept away, no matter if operations are in-person, hybrid, or fully remote. According to Gartner, the average cost of network downtime comes out to about $5,600 per minute, adding up to around $300,000 per hour. The financial implications of losing vital business data during a hurricane are a nightmare no organization wants to face.

Disaster Recovery as a Service, or DRaaS, comes to the rescue when the storm hits and a fast resumption of IT services is needed. Disaster recovery services act as a reliable guardian, ensuring the safety and availability of your data, even in the face of adversity. How does it work? DRaaS leverages automated processes to replicate your data and infrastructure in secure off-site locations, away from the hurricane’s path.

Why DRaaS Is Essential during Hurricane Season:
  • Swift Recovery: Time is of the essence during a crisis. DRaaS facilitates rapid recovery by offering near-instantaneous failover, enabling your business to resume operations swiftly and reduce downtime tenfold.
  • Data Integrity: Hurricanes pose a threat not only to physical infrastructure but also to data integrity. DRaaS ensures continuous data backups and storage in multiple locations, safeguarding your information and facilitating seamless recovery, even in the event of severe on-premises damage.
  • Cost Savings: The financial impact of hurricanes can be severe, with substantial post-disaster expenses. Adopting DRaaS not only protects your data but also your bottom line. By eliminating the need for costly hardware and infrastructure, as well as minimizing downtime and data loss expenses, DRaaS provides significant cost savings.
  • Compliance and Trust: In a data-driven world, regulatory compliance and maintaining customer trust are paramount. DRaaS solutions often incorporate built-in security measures and encryption protocols, ensuring data security and enabling compliance with industry standards and legal requirements.

Preparedness in the wake of hurricane season means safeguarding your data. With its ability to facilitate swift recovery, ensure data integrity, provide cost savings, and ensure compliance, Thrive’s DRaaS emerges as a critical tool in protecting your data during hurricanes and other disasters that may hit. By working with you to understand your Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), the Thrive team can craft the right DRaaS solution for your business. 

Secure your data with DRaaS and fortify your business against the storms of uncertainty, contact Thrive today

State & Local Governments Respond to ‘Live’ Outlook Security Flaw

Last month, Microsoft Threat Intelligence discovered a security vulnerability in Microsoft Outlook for Windows that could allow hackers to steal user login credentials when they access email from an unsecured network, such as the Internet. This vulnerability is related to a technology called LAN manager (NTLM) that is used to manage login information. 

After sounding an alarm for live exploitation of the Outlook security flaw, Microsoft said it traced the exploit to a Russian APT targeting a limited number of organizations in government, transportation, energy, and military sectors in Europe. Microsoft’s Security Response Center (MSRC) did publish mitigation guidance and offered a CVE-2023-23397 script to help with audit and cleanup in response to the severity of the issue. “We strongly recommend all customers update Microsoft Outlook for Windows to remain secure,” Microsoft said.

A zero-day vulnerability means that the issue was detected while it was already live and potentially exploitable, meaning there are “zero days” for an organization to find a solution because it is already a real threat. As with most cybersecurity vulnerabilities, the impact is rarely isolated to one continent. Though Europe may have been targeted initially, local and state governments in the U.S. and Canada warned that the “critical zero-day vulnerability” recently discovered in Outlook could allow hackers to access email accounts and exfiltrate sensitive government data such as emails, attachments, and other confidential information if not addressed urgently. 

While Microsoft has released patches to address the vulnerability, local and state governments that have not yet applied these patches remain at risk. With limited resources to devote to cybersecurity and lagging internal response times compared to the private sector, Thrive is seeing more public sector interest in cloud adoption, where municipalities are looking to store sensitive data on a private cloud server, while using public for more routine communications like email. 

  • A 2020 survey conducted by the National Association of State Chief Information Officers (NASCIO), 49% of state CIOs reported that their state government had adopted a cloud-first strategy for IT service delivery. 
  • In addition, the survey found that 77% of state CIOs reported that their state government had moved at least some of their IT services to the cloud. 
  • According to a 2019 email security report, Microsoft Exchange Server was the most commonly used email system among U.S. government organizations. The report found that 68% of all government organizations surveyed used Exchange Server, while 21% used Office 365 (which includes Exchange Online). 

Shifting to cloud-based email is particularly appealing for state and local governments –  cost savings, improved scalability and flexibility, reduced maintenance requirements, are all attractive incentives. However, in light of the bombardment of cyber attacks and an ever-expanding attack surface as government organizations embrace more and more IT modernization tools, cloud offers cybersecurity features like multi-factor authentication, data encryption, and advanced threat detection capabilities.

Thrive has dedicated 24/7 security teams that monitor email systems for potential threats and is equipped to respond in real-time; versus having to reassign internal teams to troubleshoot the latest vulnerability. With a trusted partner that takes responsibility for security, maintenance and updates (like adding or removing users since local and state governments experience frequent fluctuations in staffing needs), the latest cyber “Exploit” to make headlines quickly becomes yesterday’s news.

Celebrating World Backup Day

Cybersecurity threats are increasingly sophisticated and frequent, and the impact from these attacks keeps rising. With more data sources than ever, cybercriminals are stealing more records than ever – billions annually – to sell and to use for extortion. Among highly targeted nations, the U.S. has the highest average total cost of a data breach.

As technology evolves, we generate more and more data, and the management of that data becomes more critical. With around 4.66 billion active Internet users worldwide, the data produced daily surpasses the imagination: 2.5 quintillion bytes of data were created every day in 2020. That is equivalent to 10 million blu-ray discs, which when stacked would be as tall as two Eiffel Towers combined. (Dihuni, 2020). 

Stored data grows 5x faster than the world economy. Yet, many of us neglect the very premise of data management, whether it’s family photos from a trip taken seven years ago or enterprise data like confidential emails and databases, 21% of people have never made a backup. Technological innovation has made it so data is the currency that runs the world. 

Data loss can occur in many different ways, from hardware failures to cyber-attacks. The fact is, this data loss can have a devastating impact on both individuals and businesses. Personal data loss can lead to the loss of precious memories, while business data loss can lead to significant financial loss, reputational damage, and even legal consequences. That’s why backing up your data is so important.

Regardless, people still need a reminder. World Backup Day, celebrated annually on March 31st, is a day dedicated to raising awareness about the need for data backup and protection. It’s a day for us to stop and think about our data, where it is stored, who has access to it, and what would happen if it were lost.

In celebration of this day, we could all use a refresher – back up your data by creating a duplicate copy and storing it in a separate location, so that if the original data is lost, you can recover it. There are different ways to backup your data, from cloud-based storage solutions to external hard drives. 

A data backup is just one part of the equation. It’s also essential to ensure that your data is protected from hackers and breaches to the best of your ability. This means using strong passwords, regularly changing those passwords, and limiting access to sensitive information.

On World Backup Day, take the time to review your data backup strategy and make sure that your data is protected. Ask yourself:

  • Do you have a backup plan in place?
  • How often do you back up your data?
  • Where do you store your backup data?
  • Who has access to your data?
  • Do you use strong passwords to protect your data?

If the first bullet above seems daunting, there’s no need to fear. Thrive can help with solutions to take care of your data so you don’t have to. Thrive’s implementation of hybrid cloud solutions, cybersecurity data protection, and when all else fails, Disaster Recovery as a Service, ensures your business’ data is locked up 24x7x365 rather than just on this one important day. 

So, a Happy World Backup Day! And contact Thrive so we can help identify where the gaps are in your current security posture and put you on a path to better data management.

Cloud Trends in Financial Services

Most financial institutions today have a presence in the cloud, but adoption in the financial-services sector is still at a relatively early stage. Among the financial-services leaders who took part in a recent McKinsey survey, only 13 percent had half or more of their IT footprint in the cloud. But migration to the cloud is gathering momentum as the industry embraces digital transformation in order to remain competitive. At Thrive, our financial services customers are embracing everything from:

  • AI for task automation, fraud detection, risk reduction, and investment advice; 
  • Blockchain technology to create more secure and efficient payment systems; 
  • Digital identity solutions like biometrics and machine learning to verify customer’s identities and reduce fraud;
  • Open Banking that allows customers to share their financial data with third-party providers to cutting-edge financial products and payment services;
  • Mobile banking that allows customers to use their smartphones to manage their finances;
  • Managed cloud services that enable a more cost-effective and expert approach to infrastructure management, data management and analytics, security and compliance, disaster recovery and business continuity 

Despite the huge value potential in the cloud, financial institutions have been tentative about moving to cloud at scale. There is good reason for this hesitancy, since cloud migration can be uniquely complex for financial institutions. Often, the IT landscape at financial institutions is particularly varied, with decades-old applications running alongside more modern systems. 

Financial services firms have unique requirements for cloud solutions; for example, they must comply with strict regulations related to data privacy, security, and retention. They also need to ensure that their cloud solutions are resilient and can handle high volumes of transactions with low latency.

To meet these requirements, firms are seeking specialized cloud solutions that are specific to the industry with features such as enhanced security and compliance controls, real-time data processing, and analytics capabilities. For example, security issues pose a 24×7 risk to financial services firms and regulatory requirements demand that a firm’s data is logged, monitored, analyzed and reported upon as it passes through a complex network of IT infrastructure and applications.

As cloud adoption increases, our clients are battling a shortage of internal IT staff expertise to manage certain complex cloud services offerings, and in particular, cybersecurity. Increasing demand for managed SIEMaaS, Security Information and Event Management as a Service, is a result of firm’s clamoring for a centralized view of their security posture and the ability to detect and and respond to security threats in real-time. Given the onslaught of modern security needs, SIEMaaS is more cost-effective than trying to manage an in-house security operations center.

Knowing what to keep on-premise, and what IT ops belong in public cloud vs. private cloud, is overwhelming. What often follows is a piecemealed cloud migration strategy that ends up becoming a huge barrier to capturing the full value of a firm’s cloud investment. 

The concerns we hear most from clients are actually reasons to work with an expert managed services provider like Thrive. They include: 

  • Data Security: the handling of sensitive data and compliance with strict regulations to protect that data from breaches and cyber attacks
  • Compliance: numerous regulations, such as GDPR and PCI DSS, require data storage and processing in a specific way. Moving to the cloud may require new compliance measures, such as audits and certifications, which can be time-consuming and costly
  • Integration: complex legacy systems that need to be integrated with cloud-based solutions requires significant internal resources and expertise to ensure a smooth changeover
  • Cost: upfront costs as firms upgrade infrastructure and try to hire new staff, and ongoing costs for data storage and network fees
  • Skills Gap: moving to the cloud will require new in-house skills, such as cloud architecture and DevOps

A 2020 survey by Deloitte found that 90% of financial services firms in North America were using some form of cloud services, with 51% using public cloud services and 38% using private cloud services. The benefits of managed cloud services stretch far beyond reducing operational costs, compliance and higher levels of reliability.

Today, data security in financial services is a critical concern. Firms must carefully evaluate managed cloud services providers to ensure that they have the necessary security and compliance controls in place, such as access controls, encryption, and threat detection, as well as their compliance with regulations such as GDPR and PCI DSS.

Thrive’s financial services-tailored cloud and cybersecurity expertise spans these industry-specific challenges. Our world-class team has decades of financial services experience and understands the unique complexities that organizations face each day from investors, regulators, and customers. 

Alleviating Cyber Debt in the Healthcare Industry

The healthcare industry continues its reign as the number one cyber attack target. For 12 consecutive years, the healthcare industry has incurred the highest breach-related financial damages of any industry with an average cost of $10.10M per incident. Attacks on Trinity Health and Scripps Health, for example, are two of the largest data breaches in history and reveal just how vulnerable PII and PHI data really are. 

Healthcare in the U.S. is a massive expenditure, accounting for more than 18 percent of the United State’s gross domestic product (~$3.5 trillion). With a growing and aging population and an increasingly complex network of companies and healthcare institutions working together and sharing information, hackers do not have to look very hard for rewards. With the COVID-19 pandemic, further vulnerability ensued as the industry was forced to operate beyond the walls of a doctor’s office and hospital: primary communications shifted to email and text in some cases, and doctor’s visits turned into virtual appointments. This sudden shift to remote, digital operations opened a new and vulnerable flank in an industry trying to accommodate the urgent needs of patients. 

Outdated systems, a shortage of IT staffing and protocols, and life-or-death scenarios often create conditions that leave patients and staff exposed to data-targeting attacks. The follow-on consequences, such as a pressing need to pay ransoms quickly to regain patient data, only encourage bad actors to target the industry more. 

Due to the existing patchwork security vulnerabilities within the industry, healthcare providers and facilities are likely to, if not already, incur cyber debt. Cyber debt is the amount of unaddressed security vulnerabilities that accumulate in an organization’s IT infrastructure, usually as a result of the implementation of new systems and technologies over time. It emerges through the improper management of sensitive data and assets. Specifically, outdated systems that have far too few staff and protocols to maintain basic hygiene like updates and patches.

A CyberArk 2022 Identity Security Threat Landscape Report found that less than half of cybersecurity decision-makers have identity security controls in place for their business-critical applications, while 79 percent agree that their organization prioritized maintaining business operations over ensuring robust cybersecurity in the last 12 months. These are negligent – yet all too common – practices that have the potential to rack up cybersecurity debt in any industry, not just healthcare. 

When considering the kinds of information that is at stake, such as medications, diagnoses, medical histories, etc., these outdated practices cannot continue. In the court of public opinion as well as the law, liability judgements are becoming increasingly costly and holding executives personally liable.  

Eliminating risk altogether is impossible, however investing wisely in threat mitigation is possible and a vital step in deterring an attack. For most providers, partners and businesses serving the healthcare industry, the most efficient way to tackle cyber debt is by partnering with a managed service provider (MSP) like Thrive that is familiar with the challenges faced by healthcare organizations. Thrive’s comprehensive IT outsourcing services can eliminate gaps in security and enable internal technology teams to focus on quality of care for patients instead of scrambling to recover their personal data.

With glaring holes in security operations across the healthcare industry, Thrive has the expert resources to augment your over-extended cybersecurity team and modernize your security posture to better prevent and mitigate cyber attacks, create a disaster recovery plan, and help ensure compliance with HIPAA, HITECH, and other compliance regulations. 

Learn more about Thrive’s leading healthcare MSP practice and how our security-first NextGen Managed Services can help your organization in our latest cybersecurity white paper.

It’s Time to De-Risk with Microsoft 365

Recently, there was a security incident that forced Rackspace to shut down its hosted Exchange environment for an extended period of time. The mitigating solution was to give customers free access to Microsoft 365 for email services. The belief is that the security failure stemmed from known vulnerabilities affecting Microsoft Exchange (which Microsoft confirmed and later linked the attacks to a nation-state hacker group.) 

Security experts are seeing a significant number of Exchange servers getting “backdoored” by malware that lets threat actors maintain update-resistant and “stealth” access to the IT infrastructure of a targeted organization. Despite its long-held reputation as a reliable on-premise workhorse for email that allows for total administrative control, many of our clients are starting to see this beloved server as legacy technology. Exchange has limitations that become more noticeable as companies migrate to the cloud, namely, modern authentication and other security features that are unavailable in Exchange environments.

There is no business strategy without a cloud strategy.

The lasting business shift to remote and hybrid work has prompted slow adopters to finally embrace the cloud. Some statistics show nearly 90% of organizations have adopted the cloud for at least some of their business applications, though it appears that for some, the decision to let go of their legacy or hosted email system remains a challenge.

The major benefits of migrating to Microsoft 365 can be broken down into three categories:

  • End-user productivity
  • Security and compliance
  • Scalability and cost-efficiency

Growing companies need more than just email. Around 80% of Fortune 500 companies have already undertaken data migration to Microsoft 365, and start-ups to medium-sized organizations are now following this trend. Smaller organizations are implementing Microsoft’s productivity suite into their everyday operations and utilizing its set of tools to drive business productivity at a flexible, calculable cost.

… and Re-Think Productivity.

Cost reduction is frequently cited as the core driver for migration plans, however there are many arguments in favor of taking the leap to the new Microsoft 365 including an array of novel tools, product updates, and the opportunity for new workflows and routines. Yes, migration can be a complex task, but it’s one that brings many benefits:

  • Upfront cost certainty 
  • Preserves business agilily
  • Enhances organizational communication
  • Boosts employee productivity and reduces downtime
  • Streamlines IT operations

And there is no need for Capex spend on hardware, software, data center space, ever. Here are some additional benefits for your in-house IT department:

  • Flex user count up or down very quickly
  • More times than not the mailbox size quota is substantially greater with Microsoft 365
  • No need to audit MS licensing, as all licenses are included
  • No need to patch or keep servers up to date
  • No need to patch or update Office versions
  • Users are spread out among many servers so a single server outage does not impact all users
  • Guarantees compliance with industry-specific, local, and national regulations, such as HIPAA, SOC 1, 2, & 3, ISO/IEC 27001, CIS Benchmarks, CDSA, and more
  • Faster onboarding with Thrive Customer portal integration

How can Thrive’s Cloud-First, NextGen Managed Services help your business? To discover more, please CONTACT US.

What Does the SEC’s New Cybersecurity Rule 206(4)-9 Mean for Investment Advisors and Private Funds?

Cybersecurity Rule 206(4)-9 for investment advisers and private funds is expected to be finalized April 2023 according to the SEC’s 2023 regulatory agenda.

Proposed in February 2022, the rule is designed to promote a more comprehensive framework to address cybersecurity risks for advisers and funds, including their ability to effectively respond and recover from a cyber incident, while also strengthening investors’ confidence in the security of their investments. The proposed changes impact disclosure requirements, include a mandatory 48-hour incident reporting requirement, and establish new record keeping requirements for advisors and funds that are designed to improve the availability of cybersecurity-related information and help facilitate the Commission’s inspection and enforcement capabilities.

How will your cybersecurity program perform during its next regulatory audit?

Financial organizations, such as banks, investment firms, private equity firms, wealth management firms, hedge funds and more are facing new and growing market pressures, technology disruptions and cyber threats, seemingly on all fronts. Thrive has decades of experience working with financial services firms worldwide building risk mitigation and compliance programs that help companies protect their data and grow their business.

Our Financial Operations Platform helps our clients by making it easier to navigate regulatory processes and meet standards – on time – thanks to its simplified compliance reporting capabilities.

A member FS-ISAC, Nicsa and AIMA, Thrive is here to help your firm navigate the complex world of financial services technology and regulatory best practices to improve data security posture while generating value to your business operations. Our consulting team provides assessment services specifically tailored to evaluating registered investment advisors – contact us today to learn more.

Tipping the Scales: Thrive’s 2022 Growth & Momentum

It’s been an incredible year of growth and progress at Thrive! To our expanding team of colleagues in offices around the world, a warm thank you for your dedication to our customers and for making Thrive thrive in a business climate that has been unpredictable (to put it mildly.) With that in mind, we want to share some 2022 business highlights and sprinkle a few more reasons to be joyful as we carry on into 2023.

Thrive’s position as a leading global technology provider was strengthened in 2022. Demand from small and mid-sized businesses in need of our end-to-end managed services to help drive their secure digital transformation climbed steadily across multiple industries. It is a sign of the times. According to IDC, for the first time ever, the majority of enterprise organizations (53%) now have an enterprise-wide digital transformation strategy which is a 42% increase from just two years ago. 

When clients come to Thrive for help, they’ve often just paid for a custom or off-the-shelf solution that doesn’t fit the realities of their business and the lasting headache of unwanted “technical debt” in the form of maintenance, aging software, updates, migrations, and service packs. These “solutions” end up being expensive paths to nowhere. 

With a growing consensus that digital transformation is an ongoing process — one that needs to adapt and evolve as technology, people, and businesses change – Thrive is very well positioned to help its customers along this journey in 2023.

Here Are a Few of Our Favorite Things from 2022:


  • Thrive acquired six managed services providers in 2022. We welcome InCare Technologies, Preemo, SouthTech, and DSM in the U.S., and Edge Technology Group and Custard in the U.K.
  • Our workforce is now represented by more than 1,000 employees based in the U.S., U.K., Australia, Singapore, Hong Kong, and the Philippines.
  • We welcomed two new members to our leadership team: Bill McLaughlin becoming President and Richard Gardiner as EVP of Global Marketing. 
  • Thrive welcomed 130+ new customers in 2022.
  • Sales and agent revenue had impressive, double-digit increases. 

Key Investments

  • We made a significant investment to upgrade our 24x7x365 eyes-on-glass Security Operation Center (SOC) by integrating a Security Orchestration, Automation, and Response (SOAR) engine to significantly reduce incident response times for client threats and provide higher quality information for the Thrive SOC to combat intricate cyber risks in real-time. 
  • ThriveCloud opened its ninth in world-class SOC 2 Type II certified data center, located in Atlanta, GA

Industry Awards

Thank you for your commitment and hard work. And Cheers! to a prosperous 2023!