As AI technology continues to advance at an unprecedented rate, UK businesses face a new and formidable challenge in cybersecurity. A new wave of threats has arisen, posing substantial risks to companies of all sizes. In this article, we’ll explore the emerging AI-generated threats, their devastating impact, and how they mainly affect companies like yours.
What does the NCSC have to say?
In its January 2024 assessment, the NCSC stated that AI will almost certainly impact cyber-attacks, and here’s how. The organisation shows that, in the near term, AI will mainly provide malicious actors with the capability to scale up their social engineering tactics, communicating directly with victims to manipulate them into handing over details or funds. This includes creating “lure documents” without the grammatical translation faults that often ring alarm bells in the victim. They also state this will likely increase over the next two years as models become popular.
AI’s capacity for rapid data summation will also enable cybercriminals to identify businesses’ high-yield assets, which will likely enhance the impact of their crimes. According to this report, hackers (including ransomware) have already been using AI to increase the efficiency and impact of their attacks. Attackers can go deeper into networks with the help of AI-enhanced lateral movement, assisting with malware and exploit development.
However, for the next 12 months or so, human expertise will continue to be needed in these areas, meaning that any small uptake in this threat will be limited to very skilled hackers. Beyond this, experts envisage that malware will even be AI-generated to circumvent current security filters in place. It’s also very realistic that highly capable State Actors have repositories substantial enough to train an AI model for this.
As we enter 2025, large language models (LLMs) and GenAI will make it extremely difficult for any businessperson, regardless of your cybersecurity understanding, to spot spoofs, phishing, or social engineering attempts. We can already tell from this report that the time between security updates being released and hackers exploiting unpatched software is steadily decreasing. The NCSC warns that these changes will “highly likely intensify UK cyber resilience challenges in the near term for the UK government and the private sector.”
Potentially catastrophic results
Time and again, we see how more sophisticated attacks are storming even Britain’s most protected infrastructures. Just last year, as previously reported, hackers accessed sensitive UK military and defence information and published it on the dark web. Thousands of pages of sensitive details regarding max-security prisons, Clyde submarine base, Porton Down chemical weapons lab, GCHQ listening posts and military site keys were revealed to criminals, gravely compromising critical infrastructure.
In the same period, we saw cyber-criminals strike the NHS, revealing details of more than a million patients across 200 hospitals, including NHS numbers, parts of postcodes, records of primary trauma patients and terror attack victims across the country. The actors responsible are still unknown despite extensive specialist analysis. This is similar to the previous year’s attack, leaving the NHS with a devastating software outage, impairing NHS 111, community hospitals, a dozen mental health trusts, and out-of-hours GP services. This incurred considerable safety risks for the British public,
such as incorrect prescriptions and the inability of mentally unwell patients to be correctly and professionally assessed.
In January this year, the UK government released a policy paper introducing the “AI Safety Institute” concept. This paper mentions AI being misused in sophisticated cyber-attacks, generating misinformation and helping to develop chemical weapons. It also mentions experts being concerned with the possibility of losing control of advanced systems, with potentially “catastrophic and permanent consequences.”
AI development out of control
It also admits that “At present, our ability to develop powerful systems outpaces our ability to make them safe.”, adding to already existing concern for the safety of AI. While it pledges to develop and conduct evaluations on AI systems to minimise existing harms caused by current systems, this still needs to take away from the need to be vigilant regarding this ever-evolving new technology. Another government paper, “Safety and Security Risks of Generative Artificial Intelligence to 2025,”lists the most significant AI risks for 2025 are cyber-attacks (more effective and more substantial scale as previously mentioned, using enhanced phishing and malware); increased digital vulnerabilities as GenAI integrates into the critical infrastructure and brings forth the possibility of corrupting training data or ‘data poisoning’; and erosion of trust in information as GenAI can create hyper-realistic bots and synthetic media or ‘deep fakes.’ The government assesses that by 2026, synthetic media could make up a substantial portion of content online and risks eroding public trust in media outlets and governments. This issue needs to be solved by any means.
How UK businesses are affected
For a business, the uncontrolled development and use of AI systems raise concerns about access security to company systems, data integrity and protection of IP, patents and brand image. Medium-sized SMEs often operate with tighter budgets and leaner IT teams, making it a challenge to invest in comprehensive cyber solutions or know where to start. According to the NCSC, “SMEs are often less resilient to cyber-attacks due to a lack of resources, skills and knowledge.”
Cyber-criminals are wise to this and target businesses of this size with tailored attacks such as AI-enhanced phishing correspondence. In fact, according to the 2024 Sophos Threat Report, over 75% of customer incidents handled were for small businesses. Data collected from SME business protection software indicates that SMEs are targeted (mostly with malware) daily.
Fortunately, hackers’ use of AI is still at an early stage and is bound to become increasingly sophisticated as it continues to develop at its current rapid speed. There is still time to protect you and your business, and the Thrive team is highly experienced in guiding and supporting SME businesses every step of the way. Contact us today.
Thrive Spotlight: David Bloomer – Director, Technical Advisory Services – New York Financial ServicesWelcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is David Bloomer, Director, Technical Advisory Service – New York Financial Services. In his position, he leads a team of Virtual Chief Information Officers who provide services to our clients. He also works directly with clients to provide strategic advisory guidance, technology business reviews, and technology executive leadership. In addition, David works closely with the Thrive Advisory Services leadership team to shape and improve our Advisory Services practice.
He lives just outside of New York City in Union County, New Jersey and works out of our Mid-Town NYC office. David has been married to his wife for 17 years and they have three children, ages 7,10, and 12, and one dog named Charlie. They love sports and all his children are on competitive swim teams, so outside of work he spends a lot of time at swim meets.
Hi David! Can you tell us about your background and how you came to Thrive?
I have always been interested in technology and knew from an early age that I wanted to work in that field. I started working for Precision IT, a small MSP in New York City shortly after graduating from college. Starting at a smaller company provided me with an opportunity to learn about multiple roles within a company and I was able to develop my technology and business skills quickly. I also quickly learned the importance of mentorship within my career. I have been working as a Technology Consultant in New York City for nearly 20 years and have held many roles in engineering, networking, solution design, IT service management, account management, project management, security, and executive functions. Thrive acquired Precision IT 6 years ago and I have continued with the company since the acquisition.
Where did you go to school or get training?
I got a Bachelor of Science degree with a focus on Computer Information Systems from Roger Williams University. After college, I continued technology training, earning multiple certifications. One of the highlights in my college career was having the opportunity to study abroad in Florence, Italy for a semester. I love history and it was great spending an entire semester learning about the Italian Renaissance.
What do you most enjoy about working for Thrive?
I enjoy the people I get to work with and the clients I get to help. I have worked with some of my coworkers and clients for nearly 20 years and have built great relationships with them. It is great getting to meet our clients and learn more about their company. I also enjoy following and learning about the latest technology and technology trends.
Are there any recent exciting projects at Thrive you can tell us about?
Throughout the last year, I have worked on several challenging and successful projects. I have helped clients improve their security, upgrading their remote access solution, implementing a new support model, office expansion and relocation projects, and Cloud upgrade and migration projects.
Are you interested in learning more about Thrive? Click here!
Don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
Regional Bank Leverages Thrive’s NextGen Cybersecurity Solutions to Support External Audits and Regulatory Examinations Download Now
Challenge
Dedham Savings, a regional bank with nine branches in the Boston Metro area, offers a large portfolio of services, including checking and savings accounts, credit cards, mortgages and loans, all of which can be accessed and managed by its clients through both online and mobile banking platforms. With so many IT functions to support, the Dedham Savings executive team was looking for a cybersecurity partner with the expertise to handle the highly-regulated patching process to free up internal resources to focus on other IT initiatives.
Solution
After Thrive’s Security Analysts met with Dedham Savings and conducted a thorough evaluation of the bank’s requirements, it was clear that Thrive’s Advanced Enterprise Patching Plus service was what the bank needed. Thrive specializes in supporting the financial services industry and the team is very well versed in how a comprehensive and detailed patching process improves the chances of clean external audits and regulatory examinations.
An option within Thrive’s Advanced Software Patching service offering, Advanced Enterprise Patching Plus, provides proactive remediation of security vulnerabilities through scheduled vendor updates to operating systems and other software applications. Thrive’s engineers test and validate patches before they are applied to the client’s servers and end-user workstations, and apply the updates during scheduled patching windows.
Result
By leveraging Thrive to handle the patching process, Dedham Savings has been able to free up its team members to focus on other business initiatives. In addition, Thrive has significantly decreased missing patches, decreased the overall time for the patching cycle and provided detailed reporting on patch updates for external audits and regulatory examinations to improve overall operational performance and efficiency.
“Dedham Savings was faced with several IT initiatives that required our internal resources, so we needed a trusted partner that had the experience, resources and expertise to be an extension of our team and take the lead on our bank’s patching process. We have been very pleased with the professionalism and expertise of the Thrive team, giving us peace-of-mind that we have a trusted cybersecurity partner to take on this responsibility.” ~ Victoria Graves, Senior VP & Chief Information Officer
About Thrive
Thrive delivers global technology outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at www.thrivenextgen.com or follow us on LinkedIn.
Thrive Empowers Exo to Scale Securely in the Utilities Vertical Download Now
Exo, a private equity-backed organization that provides inspection, remediation, and engineering services to ensure the reliability and resiliency of critical infrastructure for utilities and over half of the top ten U.S. retailers. This case study outlines how Thrive, a trusted technology partner, assisted Exo in enhancing its cybersecurity resilience and optimizing its IT infrastructure to support future expansion.
The Challenge
Exo needed to bolster its cybersecurity defenses amidst rapid growth. The organization aimed to streamline IT operations to allocate resources strategically while ensuring robust security measures. Exo was deciding between backfilling an in-house IT position or using a third-party partner capable of supporting its cybersecurity and IT management needs.
Why Thrive Was Chosen
Exo selected Thrive for its proven track record in supporting PE-backed ventures and its forward-thinking approach to cybersecurity. Thrive’s extensive experience and innovative solutions perfectly aligned with Exo’s diverse IT requirements, spanning various ecosystems including Microsoft 365, AWS cloud servers, and critical network infrastructure. What genuinely set Thrive apart was its unique ability to consolidate management of hardware, software, and cybersecurity services under one umbrella. This comprehensive approach not only streamlined Exo’s operations but also provided unparalleled protection, offering Exo the peace of mind needed to focus on its core business objectives while ensuring robust cybersecurity measures are in place.
“Thrive allows us to concentrate on our core business objectives without being bogged down by the less critical tasks that can often divert our attention. In essence, Thrive’s support allows us to focus on what truly matters, making them an invaluable asset to our organization,” said John Ross, CIO at Exo.
Strategic Deployment of Advanced Security Measures
Thrive prioritized security and scalability by deploying advanced endpoint security, robust backup and disaster recovery services, and innovative cybersecurity solutions for Exo This proactive approach minimized cybersecurity risks and downtime, ensuring uninterrupted operations. Implementing an Endpoint Detection and Response (EDR) program bolstered endpoint protection while ensuring reliable and scalable VPN capability. Cybersecurity training empowered Exo’s team to recognize and mitigate threats effectively. Thrive’s comprehensive approach and vigilant monitoring through its SOC and NOC allow Exo to focus on core objectives with peace of mind. These features were swiftly integrated, providing immediate benefits.
Thrive’s Impact
Thrive’s partnership kick-started Exo’s projects with remarkable efficiency and expertise. What would have taken Exo a year to achieve, Thrive accomplished in almost 60 days, a testament to their commitment and capability to deliver results with precision and speed. Partnering with Thrive elevated Exo’s capabilities, instilling confidence in meeting customer demands through round-the-clock monitoring and cutting-edge tools. Thrive’s infrastructure and cybersecurity support freed up resources, allowing Exo to focus on value addition. “Thrive enabled us to focus on adding value through analytics and automation by providing infrastructure and cybersecurity support without needing a full-time team. It’s the best of both worlds,” said John Ross, CIO at Exo. Overall, Thrive’s partnership significantly impacted Exo’s operations, providing invaluable peace of mind as it navigates its growth journey.
“Thrive functions as our MSP and offers robust cybersecurity services under one umbrella. This integrated approach provides peace of mind, knowing that our hardware, software, and cybersecurity are all expertly managed and protected by a single trusted partner. Thrive’s ability to fulfill all our requirements within one solution made them the clear choice for us.” ~ John Ross, CIO, Exo
About Thrive
Thrive delivers global technology outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at www.thrivenextgen.com or follow us on LinkedIn.
The Essential Role of Data Organization for Accurate Results from Microsoft CopilotIn today’s digital era, leveraging advanced tools like Microsoft Copilot can significantly enhance productivity and decision-making. However, the accuracy and effectiveness of these AI-driven solutions are heavily dependent on the quality and organization of the underlying data. This blog post delves into the critical importance of data organization for extracting accurate and reliable results from Microsoft Copilot, offering insights and strategies to maximize its potential.
Understanding Microsoft Copilot
Microsoft Copilot is a cutting-edge artificial intelligence tool designed to assist users in navigating complex data landscapes, generating insights, and automating tasks. Integrating with Microsoft’s suite of products offers a seamless experience in data analysis, content creation, and more. However, like any AI system, Microsoft Copilot’s performance is directly linked to the data it processes. This highlights the necessity of proper data organization.
The Pillar of Accuracy: Data Organization
Data organization involves structuring and managing data to be efficiently accessed, analyzed, and used by software and humans. Here’s why it plays a pivotal role in achieving accurate results from Microsoft Copilot:
Enhances Data Quality
Well-organized data improves the quality of the information being processed. By ensuring that data is accurate, consistent, and up-to-date, Copilot can generate more reliable outputs. This is particularly crucial for businesses relying on data-driven decisions.
Facilitates Data Accessibility
Data organization makes it easier for tools like Copilot to access necessary data promptly. A well-structured dataset allows the AI to parse through information efficiently, leading to quicker and more accurate results.
Reduces Data Complexity
Organizing data helps simplify complex datasets, making them more manageable for AI tools. Copilot can more easily identify patterns and insights by categorizing and cleaning data, enhancing its analytical capabilities.
Supports Data Integration
Organization is key to integration in an environment where data comes from multiple sources. Properly organized data can be easily merged, allowing Copilot to provide comprehensive insights by analyzing diverse data points.
Strategies for Effective Data Organization
To leverage the full potential of Microsoft Copilot, here are some strategies for effective data organization:
1. Standardize Data Entry: Implement consistent formats and conventions for data entry to maintain uniformity across datasets.
2. Implement Data Cleaning: Regularly clean your data to remove duplicates, correct errors, and update outdated information.
3. Utilize Metadata: Use metadata to provide context to your data, making it easier for Copilot to understand and process it accurately.
4. Adopt Data Categorization: Categorize data logically, grouping similar types of data together, to enhance accessibility and analysis.
5. Ensure Data Security: Protect sensitive data through encryption and access controls to prevent unauthorized access.
6. Continuous Evaluation: Regularly assess your data organization practices and adjust as needed to accommodate new data types or business requirements.
The organization of data is not just a prerequisite but a catalyst for maximizing the accuracy and effectiveness of AI tools like Microsoft Copilot. By investing time and resources into proper data organization, businesses and individuals can significantly enhance the reliability of the insights generated, leading to more informed decisions and improved productivity. Remember, the journey towards leveraging AI effectively starts with the foundational step of organizing your data efficiently. Learn more about Thrive’s Microsoft 365 Solutions here.
Audax Private Equity and Aspen Surgical Select Thrive for Carve-Out and Ongoing Technology Platform Support Download NowAudax Private Equity, a leading investment firm, recently acquired Aspen Surgical, a surgical products business previously under Hillrom’s umbrella. This case study highlights how Thrive, a trusted technology partner, facilitated a seamless transition for Aspen Surgical’s IT infrastructure, enabling a successful carve-out and setting the stage for future growth and innovation.
Separation Struggles
Aspen Surgical tackled the challenge of untangling its IT infrastructure from its former parent company, Hillrom, which involved adding new servers, migrating data, and enhancing security. Audax and Aspen Surgical sought a partner to establish their new IT infrastructure and ensure timely completion before the transitional services agreement expired.
Thrive Chosen for Expertise in Mid-Market, PE-backed Ventures
Audax chose Thrive for its innovative approach and proven expertise in mid-market, PE-backed ventures, streamlining critical projects like mergers and acquisitions. “Thrive’s portfolio-wide reporting back to the fund is unique in the marketplace and ensures secure and scalable platforms. Additionally, its proactive cybersecurity approach mitigates post-acquisition risks and lays the groundwork for seamless add-on investments,” said Kevin Ellis, Vice President of Sales at Thrive. Audax also valued Thrive’s dedicated PE-focused teams and tailored support for fast-growth businesses.
Precision in Action: Planning and Execution
Collaborating closely with Aspen Surgical’s internal IT team, Thrive meticulously planned server and data migration, deployed new Office 365 tenants, and implemented robust security measures with an innovative ticketing system for quick response time, resolution and communication. This strategic approach ensured minimal downtime and disruption to operations, laying a secure foundation for future endeavors.
Seamless Deployment
Thrive prioritized security and scalability by implementing advanced endpoint security measures and robust backup and disaster recovery services. These efforts aimed to mitigate cybersecurity threats and minimize downtime risks. Solutions deployed include ThriveCloud, ServiceNow technology, Security Information and Event Management (SIEM), 24x7x365 Security Operations Center, NextGen Endpoint Security (EDR), Vulnerability Scanning, End User Security Training, Phishing Simulation.
Our PE-experienced team possesses the technical and strategic skills to navigate rapid growth scenarios, providing unparalleled support focused on value creation, protection, and PE-specific engineering and account management. Throughout the carve-out process, Thrive ensured project completion within the confines of the transitional services agreement, emphasizing the importance of effective communication and comprehensive project management.
Realizing the Vision: Achieving Success with Thrive
With Thrive’s aid, Aspen Surgical smoothly transitioned to its new IT infrastructure, bolstered by NextGen services for scalability and resilience, while proactive cybersecurity measures ensured value protection post-acquisition. Leveraging Thrive’s services, including ThriveCloud, Aspen Surgical guarantees scalable solutions for future growth, with ongoing support ensuring a robust IT setup. With Thrive’s help, Audax and Aspen completed the carve-out on time and budget, facilitating rapid expansion and investments for Aspen Surgical’s future prosperity.
Revolutionizing Private Equity Transactions
Thrive’s unparalleled expertise in supporting PE transactions transcends individual carve-outs. By providing portfolio-wide reporting and innovative solutions tailored to PE firms’ unique needs, Thrive is poised to revolutionize how investment firms manage and optimize their technology investments, driving value and enabling strategic growth initiatives.
Thrive’s Value Creation and Protection Designed for PE
Acquisitions draw attention, making companies vulnerable to impersonation and phishing. Smaller to mid-market PE firms with technical debt are especially at risk due to outdated security. Immediate security analysis post-acquisition is crucial to mitigate threats promptly. Neglecting this can lead to significant financial losses, emphasizing the need for proactive cybersecurity measures to safeguard against attacks targeting newly acquired businesses.
Agile and Adaptive for PE Transactions
Thrive consistently conducts thorough IT operations reviews and security evaluations. In many cases involving PE firms, transactions come with technical debt and scalability challenges. Nonetheless, Thrive’s agility allows for swift adjustments to the current operational landscape, ensuring seamless support and adaptability to evolving needs.
“Our team was faced with a significant migration project and we sought out an experienced partner to help us make the process seamless and be available as an extension of our internal team for support when needed. Thrive ended up being the partner we were looking for – and more.” ~ Christopher Dukes, VP of Information Technology, Aspen Surgical
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT US
Thrive Launches Security Response & Remediation Services to Safeguard Businesses Against Cybersecurity IncidentsNew offering empowers organizations to better contain and remove cyber threats, minimizing business disruption and associated costs
Boston, MA, March 12, 2024 – Thrive, a global technology outsourcing provider for cybersecurity, Cloud, and traditional managed service provider (MSP) services, today announced the launch of Thrive Incident Response & Remediation, an on-demand cybersecurity response service to contain and remove threats, along with engineering assistance to rebuild and restore critical systems.
Phishing, ransomware and other cyberattacks put businesses of every size at huge risk of losing millions of dollars trying to remedy the situation. In fact, according to IBM, the global average cost of a data breach in 2023 was $4.45 million – a 15% increase over three years. This kind of cost is unfathomable for many businesses – especially small to mid-sized enterprises, who simply cannot afford to pay out such a vast sum.
To help customers mitigate risk and avoid the rising costs of security threats, Thrive has introduced its latest cybersecurity offering: Thrive Incident Response & Remediation. With this solution, customers are connected to a dedicated Incident Responder from the Thrive Security Operations Center (SOC) in the event of a security incident to access the incident’s scope and provide immediate response actions to restore services. Thrive Incident Response & Remediation proactively gets ahead of cybersecurity threats by collaborating on pre-incident planning and running an automated compromise assessment that will hunt for threats already in the environment. Should an incident occur, customers using the service will see faster recovery time after a cybersecurity incident, keeping business disruption and the costs associated to a minimum.
Thrive’s Incident Response & Remediation services include:
- Pre-Incident Planning: Thrive security experts engage with subscribed clients to ensure that they have an approved incident response plan, an asset inventory prioritized based on business impact and a backup strategy for critical systems
- Incident Response Tools: Upon working together, an incident response agent is installed on systems prior to an incident. These advanced tools ensure potential threats are contained faster and provide high-value forensic artifacts.
- Compromise Assessment: Thrive conducts an automated compromise assessment during onboarding to identify current threats that may impact systems
- Prioritized Incident Management: Users can report an incident with a 15-minute response time guaranteed by the Thrive SOC to begin threat assessment and scoping
“Many business leaders today are facing the daunting task of safeguarding their IT environment amidst an evolving cybersecurity landscape, and need support to ensure they have the tools and experience that will keep their systems and data safe,” said Michael Gray, CTO of Thrive. “At Thrive, we make being the IT and cybersecurity experts our business so our customers can focus on their own. Thrive’s Incident Response & Remediation services is the latest extension of that mission so that no matter the threat, our clients have the resources and peace of mind needed to keep their businesses moving forward.”
Thrive Incident Response & Remediation is the latest of the company’s comprehensive solutions aimed at safeguarding the entire IT environment and securely optimizing business performance. Thrive’s tailored cybersecurity solutions ensure end-to-end protection of customer’s systems and data and enable businesses to stay ahead of potential threats. The more Thrive managed security services a customer consumes, the lower the cost, as Thrive automatically applies a tiered discount towards monthly retainer remediation services.
To learn more about Thrive and its offerings, visit the website.
About Thrive
Thrive delivers global technology outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at www.thrivenextgen.com or follow us on LinkedIn.
Contacts
Amanda Maguire
Alexa Capital, a global corporate finance and M&A advisory firm selected Thrive to optimise it’s IT infrastructure with regulatory compliance Download Now
CHALLENGE
Alexa Capital, a global corporate finance and M&A advisory firm specialising in energy technology, energy infrastructure, and e-mobility, grappled with challenges regarding its IT partner. The 22-person FCA-regulated team, based in Mayfair, faced issues of insufficient service levels, particularly with the office based in NY, and a lack of strategic guidance. The firm felt a misalignment with regulatory standards and business expectations, prompting it to seek a more fitting and effective IT partnership with experts who specialise in the corporate finance industry.
SOLUTION
Alexa Capital chose Thrive because of our record of success, depth of capabilities and pedigree within the investment community. In addition, Thrive’s structure, service delivery model, and ability to immediately address challenges stood out amongst the other vendors. Thrive implemented Managed IT Services (Helpdesk, M365, Telephony, Cloud), Managed EBMS Networking (Fortinet & Meraki) and Managed Security: SOC & SIEM, EDR and Cloud Security. Thrive have additionally agreed a plan forecasted in the short-term to address alternative cloud-based data storage solutions to further optimise the firm’s internal filing system for improved efficiency and better utilisation of the M365 environment. Thrive will continue to proactively support and guide Alexa Capital on further recommendations to enhance the firm’s IT infrastructure and cyber security.
RESULT
In addition to ensuring strict regulatory compliance, this project significantly improved operational efficiency. Real improvements resulted after forming a strategic relationship with Thrive, including better strategic guidance, higher service levels and overall better IT performance for Alexa Capital.
“Thrive’s expertise enhanced our IT operations, aligning technology with our business objectives. By choosing a specialized partner in financial services, we’ve noticed an improvement in our client experience. Thrive enhanced our cybersecurity posture by adding 24×7 monitoring & response from Thrive’s own Security Operations Centre. We have peace of mind knowing that we are following industry best practices.” ~ Alexa Capital
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT US
Guarding UK Enterprises: Defending Against Escalating Cyber Threats in 2024As cyber attacks continue to surge across the UK for the third consecutive year, businesses face the daunting task of safeguarding their digital assets amidst a complex landscape. A recent study conducted by Tenable and Forrester Consulting sheds light on the severity of the situation, revealing that a staggering 48% of cyber attacks target UK organisations.
This alarming trend, coupled with recent reports from the BBC detailing cyber attacks on police forces, councils, and businesses, underscores the urgent need for a robust cyber security strategy. In this blog, we delve into the escalating cyber threats facing UK businesses and offer practical solutions tailored to your organisation’s needs.
Escalating Cyber Threats
This revelation from Tenable paints a grim enough picture. Still, when coupled with further statistics from the State of Trust 2023 Report (surveying the behaviours and attitudes of 2,500 business leaders, including 500 in the UK), we see that the average approach from UK businesses does not nearly correspond to the level of risk presented.
The report found that, on average, only nine per cent of UK companies’ IT budget is allocated to security. This reveals a stark misalignment between escalating cyber threats and the security of UK businesses and leaves them exposed to risk.
Furthermore, the State of Trust 2023 Report published by Vanta indicates that less than half (42%) of UK organisations rate their risk visibility as vital. This prevents businesses from effectively gauging and comprehending the extent of the risks faced. As threats rapidly evolve in prevalence and sophistication, a lack of comprehensive risk visibility can leave you and your employees wide open to data breaches.
Widespread Targets
Recent cyber attacks targeting large corporations and smaller businesses underscore the indiscriminate nature of these threats. For instance, in early January 2023, the Royal Mail fell victim to a ransomware attack, causing significant disruption to its operations at a distribution centre near Belfast, Northern Ireland, where the printers began frantically spitting out the ransomware gang’s demands. Much like the December 2022 attack on The Guardian, this caused widespread disruption to the sizable company.
Similarly, smaller local councils like the Western Isles local authority Comhairle nan Eilean Siar and Redcar and Cleveland Borough Council have also been targeted, compromising sensitive data and disrupting essential services.
Notably, proactive measures were undertaken by organisations like Oldham Council, investing £682,000 in computer upgrades after it revealed the company was actively warding off 10,000 cyber attacks per day. Such investments enhance disaster recovery capabilities and provide comprehensive protection against ransomware attacks, safeguarding critical data and mitigating potential financial losses.
IT Security Budgets Too Low?
Today, many British businesses openly share that they believe their systems are subpar. With only nine per cent of the average UK company’s IT budget dedicated to security, most are aware of the risk they take on. However, in attacks like these, financial loss is not only incurred through client trust erosion and business disruptions. The fines from regulators for not keeping businesses resistant to customer data breaches can be staggering.
The need for more allocation of IT security budgets presents a formidable challenge for UK businesses. With a mere nine per cent of the average company’s IT budget dedicated to security measures, numerous organisations acknowledge the inherent risks they face. However, the consequences of a cyber attack extend far beyond mere financial losses, as exemplified by the Equifax case. The Financial Conduct Authority fined this large credit reporting agency over £11 million for failing to protect the personal data of nearly 14 million British clients in one of the most significant cyber security breaches ever recorded. Among the data leaked in the 2017 breach were names, dates of birth, phone numbers, addresses, and credit card details of unsuspecting British consumers.
Equifax’s troubles did not end there. Following the leaking of personal data of almost 150 million US customers, the company faced a record settlement of $800 million with American authorities. Patricio Remon, Equifax’s European head, highlighted the immense investment made in security and technology transformation since the cyber attack against the company six years ago, amounting to over $1.5 billion.
Despite these efforts, the company received a £500,000 fine from the UK’s Information Commissioner’s Office in 2018 for the same attack, the maximum fine allowed at the time. While these actions illustrate efforts in Britain to mitigate the impact of ransomware attacks, challenges persist beyond its borders.
Prosecutors in Belarus, Russia, and several other former Soviet Union states show little inclination to pursue such lucrative cyber crimes, according to assessments from the National Cyber Security Centre and the National Crime Agency (NCA). Additionally, ransomware operators have been identified in West Africa, India, and Southeast Asia.
James Babbage, a director of general threats at the NCA, noted that traditional criminal justice outcomes are challenging to achieve against actors based in uncooperative jurisdictions. Consequently, the US, UK, and other allies have relied on technological methods to dismantle some of the most prolific cyber criminal networks, such as the Qakbot network and its counterparts.
What’s particularly alarming in this report is the simplicity with which these attacks can be thwarted. Many businesses need to implement basic security measures such as multi-factor authentication, a widely accepted industry standard that is easily implemented. Others overlook the importance of using strong passwords or updating every machine on their network regularly.
A Worrying Reality
These statistics underscore a worrying reality: many UK businesses operate with inadequate cyber security measures that fail to align with the escalating digital threats. As cyber criminals evolve tactics, companies must reallocate resources and adopt robust cyber security strategies to mitigate risks effectively.
In light of these challenges, businesses must proactively enhance their cyber security posture. At Thrive, we specialise in partnering with companies to navigate the complex cyber security landscape. Contact us today to fortify your defences and ensure resilience against emerging cyber threats.
Thrive Enhances IT Infrastructure of Law Firm Hill & Ponton Download NowCHALLENGE
Facing a pivotal decision, Hill & Ponton stood at a crossroads: either invest in upgrading their aging equipment or transition to private cloud. As a law firm situated in Orlando, Florida, they prioritized high availability and stability to safeguard sensitive data against cyber threats and natural disasters. Seeking enhanced security layers and a robust recovery strategy, they recognized the importance of establishing an effective security management program for future success. Acknowledging the evolving threat landscape, Hill & Ponton sought a specialized partner capable of navigating the increasingly disruptive IT environment essential for law firms’ stability and safeguarding sensitive client information.
SOLUTION
Thrive’s solutions empowered Hill & Ponton’s digital transformation by providing a secure pathway to the cloud, enabling them to leverage advancements in cloud solutions beyond the capabilities of their legacy systems. With their cloud migration completed in May 2020, the firm gained enhanced performance flexibility, crucial for adapting to COVID-19 lockdowns and facilitating seamless operations in a remote setting. In June 2020, Thrive augmented their services by integrating Managed Services (MSP) into the Virtual Private Cloud (VPC), delivering comprehensive monitoring, alerting, antivirus, patch management, and server support. Additionally, Thrive implemented immutable backups and advanced endpoint protection with Managed Detection and Response (MDR), further fortifying Hill & Ponton’s IT infrastructure. By entrusting Thrive with data management, accountability, and advanced security measures, Hill & Ponton’s digital capabilities were bolstered with additional layers of protection. The integration of managed services empowered their lean IT team to focus on critical tasks amid company growth, while Thrive handled compliance and security requirements. Hill & Ponton attests that their infrastructure now stands as its most reliable and secure, thanks to the cloud, positioning them to navigate the online landscape with confidence in today’s IT environment.
RESULT
The timing proved opportune for Hill & Ponton’s cloud migration, aligning with their commitment to staying technologically current. Opting for a trusted partner was paramount, especially for a project of this magnitude. The integration of managed services empowered their lean IT team to focus on critical tasks amid company growth, while Thrive handled compliance and security requirements. Hill & Ponton attests that their infrastructure now stands as its most reliable and secure, thanks to the cloud, positioning them to navigate the online landscape with confidence in today’s IT environment.
“Partnering with Thrive has led to a phenomenal improvement in our IT infrastructure security and reliability. Our small internal IT department now has the tools and capabilities of a much larger team for a fraction of the cost. I wholeheartedly recommend Thrive if you’re looking for an IT infrastructure partner you can trust with your data and ultimately, your business.” ~ Allen Harper, IT Manager, Hill & Ponton
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT US