CHALLENGE
Facing a pivotal decision, Hill & Ponton stood at a crossroads: either invest in upgrading their aging equipment or transition to private cloud. As a law firm situated in Orlando, Florida, they prioritized high availability and stability to safeguard sensitive data against cyber threats and natural disasters. Seeking enhanced security layers and a robust recovery strategy, they recognized the importance of establishing an effective security management program for future success. Acknowledging the evolving threat landscape, Hill & Ponton sought a specialized partner capable of navigating the increasingly disruptive IT environment essential for law firms’ stability and safeguarding sensitive client information.
SOLUTION
Thrive’s solutions empowered Hill & Ponton’s digital transformation by providing a secure pathway to the cloud, enabling them to leverage advancements in cloud solutions beyond the capabilities of their legacy systems. With their cloud migration completed in May 2020, the firm gained enhanced performance flexibility, crucial for adapting to COVID-19 lockdowns and facilitating seamless operations in a remote setting. In June 2020, Thrive augmented their services by integrating Managed Services (MSP) into the Virtual Private Cloud (VPC), delivering comprehensive monitoring, alerting, antivirus, patch management, and server support. Additionally, Thrive implemented immutable backups and advanced endpoint protection with Managed Detection and Response (MDR), further fortifying Hill & Ponton’s IT infrastructure. By entrusting Thrive with data management, accountability, and advanced security measures, Hill & Ponton’s digital capabilities were bolstered with additional layers of protection. The integration of managed services empowered their lean IT team to focus on critical tasks amid company growth, while Thrive handled compliance and security requirements. Hill & Ponton attests that their infrastructure now stands as its most reliable and secure, thanks to the cloud, positioning them to navigate the online landscape with confidence in today’s IT environment.
RESULT
The timing proved opportune for Hill & Ponton’s cloud migration, aligning with their commitment to staying technologically current. Opting for a trusted partner was paramount, especially for a project of this magnitude. The integration of managed services empowered their lean IT team to focus on critical tasks amid company growth, while Thrive handled compliance and security requirements. Hill & Ponton attests that their infrastructure now stands as its most reliable and secure, thanks to the cloud, positioning them to navigate the online landscape with confidence in today’s IT environment.
“Partnering with Thrive has led to a phenomenal improvement in our IT infrastructure security and reliability. Our small internal IT department now has the tools and capabilities of a much larger team for a fraction of the cost. I wholeheartedly recommend Thrive if you’re looking for an IT infrastructure partner you can trust with your data and ultimately, your business.” ~ Allen Harper, IT Manager, Hill & Ponton
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT US
Thrive Spotlight: Marc Friesen, Senior Cloud Engineer, Remote AccessWelcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Marc Friesen, Senior Cloud Engineer, Remote Access. In his role, Marc focuses on Thrive’s Managed Azure Virtual Desktop and Managed Citrix Cloud remote access methodologies. He also operates as a subject matter expert on many related technologies such as Duo MFA and Printerlogic managed Cloud print management, among others. In addition, Marc collaborates with internal teams throughout Thrive that coordinate management and support of Thrive’s many Cloud offerings and work on new technologies to vet and integrate them into Thrive’s platform.
Marc lives in Maryland, which is a short drive away from Thrive’s Elkridge office. He is an avid reader and video gamer. Marc enjoys playing Dungeons and Dragons with his fellow dad friends when they can find a hole in their busy parental schedules, and he recently started periodically playing the card game Magic the Gathering with Thrive colleagues after work.
Hi Marc! Can you tell us about your background and how you came to Thrive?
I came to Thrive as part of the 2019 acquisition of Ease Technologies, where I was the lead engineer for over 13 years building their Cloud Computing and MSP business. That role transitioned into Cloud engineering for Thrive with our Managed Azure Virtual Desktop and Managed Citrix Cloud Platforms.
Where did you go to school or get training?
I received my Bachelor’s degree from Bethel College, a tiny school in North Newton, Kansas, where my family has gone for three generations. I frequently tease my 11-year-old daughter that she has to be the 4th generation.
I also attended school in Lyon, France, and Henderson, Nebraska.
What do you most enjoy about working for Thrive?
I am a fan of efficiency because it makes everyone better at their jobs and reduces stress for ourselves and our customers. That includes the organizational efficiency of professionalism.
Many times in IT, one gets stuck in the weeds of a particular problem; at Thrive, we have a bewildering breadth of experience, which means I can bring up a complex problem to colleagues and come back with a simpler/better solution that has been verified and documented.
Are there any recent exciting projects at Thrive you can tell us about?
Cloud computing is going through an explosion of capabilities and functionality as Microsoft has pivoted from a software to a service company. New features will allow offline login to Cloud desktop with data still accessible for offline work and then synced back when the system comes back online, all from a secure dedicated integrated boot environment.
We recently completed a complex migration for a customer from RDS to AVD and received the feedback after a few weeks running that “everything just works the same or better, so we have no feedback.” Music to my ears!
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
The Future is Now, Powered by AI“We see an onslaught of clients thrown against the wall and can’t keep up with threats,” said Stephenson. “We use AI to tool through every realm. Use AI to make better in-time decisions. However bad guys use AI to create exploits and vulnerabilities. AI is like a double-edged sword.”
Thrive Spotlight: Antwoine Adams, Senior Project Delivery LeadWelcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Antwoine Adams, Senior Project Delivery Lead. In his role, he manages Thrive’s Enterprise and Strategic customers’ projects from design to delivery to execution. He serves as the liaison between our customers and the engineering teams at Thrive.
Antwoine calls Maryland home, and in his free time, he enjoys working out, watching basketball, and cheering on his son’s basketball, baseball and football games.
Hi Antwoine! Can you tell us about your background and how you came to Thrive?
My journey began as a helpdesk technician at my alma mater, Virginia Union University. My early interest in Cloud technology led me to volunteer to manage a significant PBX to VoIP project. This experience gave me a valuable boost in self-confidence and a sense of belonging in this field. Although the project was a success, I wasn’t initially considering a career as a project manager.
During that period, I was fully committed to being a Cloud engineer and had no plans to shift my focus. My transition into project management happened quite unexpectedly. I had the unique ability to both engineer and manage my projects. The company I was working for at the time recognized this skill set and approached me to assist in managing projects for other engineers. I agreed without hesitation. It was at that moment that I realized working on a project was significantly more straightforward than engineering, and I never looked back.
I joined Thrive after working at another MSP because I was seeking a fresh challenge in the same tech field, specifically within a larger company that offered a broader range of customers in its portfolio.
Where did you go to school or get training?
I completed my undergraduate studies at Virginia Union University, and for my Master’s degree, I attended South University in Savannah, Georgia. Regarding ongoing training, I firmly believe in continuous learning and utilize various resources, including reading, LinkedIn and YouTube.
What do you most enjoy about working for Thrive?
My team! I am incredibly fortunate to be part of a close-knit team that significantly makes my job more manageable. We share effective communication, collaborate seamlessly and genuinely enjoy working together.
Are there any recent exciting projects at Thrive you can tell us about?
Over the last six months, I’ve taken on the responsibility of managing some of Thrive’s high-value enterprise clients. This role has allowed me to demonstrate the significance of having a dedicated program manager and instill confidence in our ability to complete projects for these clients
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
The Unspoken Threat from State-Sponsored Cyber Attacks and How They Might Affect Your BusinessMany UK businesses may not know that as they go about their daily activities, the UK Security Services (MI5/MI6, alongside NCSC and GCHQ) are working diligently to protect their interests from state-sponsored cyber attacks. These government agencies monitor and prevent significant cyber attacks on the core systems that enable UK infrastructure (the Critical National Infrastructure or CNI) to operate.
In this blog post, we uncover the latest threats posed by aggressive nations targeting the UK’s Critical National Infrastructure (CNI). We shed light on the severe impacts on British financial systems and businesses that have been disclosed to the public.
Hidden Targets
Larger organisations working in or supplying parts of the UK’s Critical National Infrastructure supply chain are typically informed about state-sponsored threats. However, smaller and medium-sized businesses are not always kept in the loop due to security concerns. Despite their inability to prevent state-sponsored attacks, SMEs must make themselves aware of potential risks within their supply chains for business continuity.
Vulnerability in Critical Infrastructure
Britain ranks as the third most targeted country for cyber attacks, and in 2023, it was the most targeted European nation. Recently, the vulnerability of Critical National Infrastructure (CNI) has escalated, posing a significant risk. Many CNIs have been outsourced to private companies, creating a clash between ensuring safe operations and the profit-driven priorities of private sector businesses. This friction jeopardises investment and preparation for cyber attacks, presenting a substantial threat to UK businesses.
The outsourcing trend can lead to businesses replacing existing systems with commercial off-the-shelf products, potentially cost-effective but varying in cybersecurity protection. This increases the likelihood of severe physical disruption. The infamous 2017 WannaCry ransomware attack, although not specifically targeting the UK, is a stark example of the potential consequences of a deliberate attack.
The HMRC has recently expressed concerns about its “old and ageing” IT systems. Failure to upgrade Whitehall’s security measures is seen as a risk for a major security breach affecting Britons’ National Insurance and bank details. Experts warn that such a breach could expose the UK to threats from Russia and China, both state-sponsored and independent. The HMRC’s annual accounts highlight the potential for a “major IT failure or security breach” due to the current software, posing a permanent risk to business operations.
Tax expert Heather Self from Blick Rothenberg points out that the substantial expenditure involved is the obstacle to updating IT systems. She emphasises that if budgets are constrained, there is a risk of neglecting the upkeep of even the UK’s most critical systems. This ongoing situation reiterates the need for SMEs to be aware of this potentially long-term issue.
“Very Large Probability” of a Devastating Cyber Attack
Amplifying the existing threat landscape for SMEs, the government has issued a direct warning, indicating a 5% to 25% likelihood of a severe attack on the UK’s Critical National Infrastructure (CNI) within the next two years. This information is drawn from the 2023 National Risk Register, an annual government report consolidating risks ranging from terrorism and cyber attacks to hazardous weather incidents. The report highlights risks to vital British infrastructures, including gas and electricity supply, the NHS, the transport sector, and civil nuclear facilities.
Typically, the anticipated attacks involve actions such as encrypting, stealing, or destroying data, which are crucial to the functioning of the UK’s CNI. This jeopardises user data and threatens public trust, especially concerning electoral processes. The assessed likelihood of such an attack is rated at 4 on a scale of 1 to 5, with 5 being the highest probability. The anticipated impact is deemed “moderate,” yet it still signifies potential economic damage in the billions of pounds, as well as up to 1,000 deaths and 2,000 casualties.
Artificial intelligence (AI) is also identified as a “chronic risk,” presenting continuous challenges that could harm the British economy, National Security, and overall life. According to the World Economic Forum, 93% of cyber leaders believe there is a high probability of global geopolitical instability leading to a catastrophic cyber event.
Dark Web Data Leaks
In a recent cybersecurity incident targeting the UK, Russian hackers were suspected of leaking classified British military data on the dark web. The compromised information included details about the Porton Down chemical weapons lab, an HMNB Clyde nuclear submarine base, and a GCHQ listening post—additionally, the leak exposed sensitive data related to maximum security prisons and military sites.
GCHQ warned about similar attempts by Iranian and Chinese hacker groups to carry out such attacks. The National Cyber Security Centre (NCSC), a part of the UK’s intelligence and security agency GCHQ, urged Critical National Infrastructure (CNI) operators, including those in energy and telecommunications, to be vigilant and prevent Chinese state-sponsored hackers from infiltrating their systems.
According to an April-published government report on cybersecurity breaches, 32% of businesses and 24% of charities reported data breaches in the past year, with larger firms experiencing a higher rate of 69%. Despite being common targets for hackers seeking extortion, this report did not include public sector organisations.
Analysts point out that SMEs in the finance, insurance, information, communications, administration, and real estate sectors, part of the CNI, face a higher likelihood of cyber attacks than those in other industries. Recognising this growing risk, the government has emphasised the need for all organisations to bolster their cybersecurity measures.
Be Ready for Cyber Threats
Staying informed about the latest cybersecurity threats affecting Critical National Infrastructure (CNI) is crucial for maintaining a solid defence. The alarming examples and statistics underscore the pressing requirement for SMEs to proactively strengthen their cybersecurity measures, especially with aggressor nations focusing on the British CNI.
Thrive boasts extensive experience collaborating with SMEs to ensure security, even amid intricate attacks. We offer support, guidance, and assistance to help fortify your business. Reach out to us today to elevate the cybersecurity of your business.
Thrive Spotlight: Duane Kostas, Service Dispatch SupervisorWelcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Duane Kostas, a Service Dispatch Supervisor based in the Foxboro, MA office. He manages the scheduling of Thrive’s Field Engineers, coordinates third-party resources for projects, and AdHoc matters in areas lacking Thrive employees, dispatches personnel nationwide and internationally, and fosters relationships with third-party resources to optimize service for Thrive and its customers across all company locations.
While Duane is considered a rockstar at Thrive, he used to be a literal rockstar, playing bass guitar and singing in bands for nearly 30 years! He is still passionate about music and occasionally meets with pals for jam sessions to relive the glory days.
Hi Duane! Can you tell us about your background and how you came to Thrive?
With my IT background and experience in Kaseya and ConnectWise from a previous IT support job, I started as a desk support engineer for Corporate IT Solutions in 2010. As the company expanded, I noticed the need for better team management, I became the first Service Coordinator, which was crucial in keeping day-to-day operations running smoothly. When they merged with Thrive, I came along for the ride. Post-merger, I transitioned to a Client Engagement Manager role and currently serve as the service dispatch supervisor for Thrive. Having a technical background has helped me to succeed in both roles.
Where did you go to school or get training?
I received technical training at Newbury College in Brookline, Massachusetts, and Roger Williams University in Bristol, Rhode Island. I earned an associate’s Degree in Programming from Newbury College and received an Outstanding Student Achievement Award for graduating with a 4.0 GPA.
What do you most enjoy about working for Thrive?
What I appreciate about being part of the Thrive team is the company’s enduring presence. Thrive’s continuous growth and resilience during the challenges of the COVID-19 pandemic speak volumes about the strength of its management and the dedication of its employees. It’s something that holds significant value for me.
Are there any recent exciting projects at Thrive you can tell us about?
I’m excited to continue to focus on enhancing Thrive’s dispatching process. I’m dedicated to refining the system by providing training and developing accessible documentation for everyone.
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
Telarus Clinches Top Honor as Thrive’s TSB of 2023 in Inaugural Channel AwardsThrive’s Outstanding Partner Awards Names Telarus as the Technology Solutions Brokerage of the Year
FOXBOROUGH, MASS. – January 16, 2024 – Thrive, a premier provider of cybersecurity and digital transformation Managed Services, proudly introduces its first-ever Outstanding Partner Awards to recognize exceptional collaborations within its network. Thrive is pleased to announce Telarus as the Technology Solutions Brokerage (TSB) of the Year.
These channel awards mark the launch of Thrive’s formal recognition program, spotlighting partners who exemplify collaboration, innovation and shared success that define the Thrive partner ecosystem. Each partner selected has demonstrated significant, increasing growth with Thrive in 2023.
“We celebrate Telarus as our TSB of the Year,” said John Holland, Chief Revenue Officer at Thrive. “This award reflects Telarus’ exceptional performance, dedication, and collaborative spirit, driving innovation for both parties.”
Richard Murray, COO of Telarus, expressed gratitude, stating, “This award reflects our commitment to excellence in partnership with Thrive. We look forward to continuing our collaborative journey, delivering cutting-edge solutions and unparalleled value to our clients in tandem with Thrive’s industry-leading expertise.”
Watch our Telarus Partnership Video. For more information about Thrive and its award-winning partners, please visit http://www.thrivenextgen.com/.
###
About Thrive
Thrive delivers global IT outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at http://www.thrivenextgen.com or follow us on LinkedIn.
About Telarus
Telarus, a premier global technology services distributor, has devoted over two decades to driving technology advisor impact and growth through deep market insights and experience, a partnership focus, and a comprehensive set of services, solutions, and tools. With a focus on collaboration with advisors and suppliers, Telarus enables technology advisors to source, purchase, and implement the right technology for the greatest impact.
MEDIA CONTACT:
Kristina O’Connell
Thrive
EVP, Marketing
koconnell@thrivenextgen.com
978.764.7960
Opkalla Recognized for Outstanding Collaboration and Achievements in Cybersecurity and Technological Modernization Services
FOXBOROUGH, MASS. – January 16, 2024 – Thrive, a premier provider of cybersecurity and digital transformation Managed Services, is pleased to announce Opkalla as the Breakout Partner of the Year Award recipient. This is part of Thrive’s first-ever Outstanding Partner Awards to recognize exceptional collaborations within its network.
These channel awards mark the launch of Thrive’s formal recognition program, spotlighting partners who exemplify collaboration, innovation and shared success that define the Thrive partner ecosystem. Each partner selected has demonstrated significant, increasing growth with Thrive in 2023.
“We are delighted to acknowledge Opkalla’s strategic thinking, leadership and significant contributions to Thrive’s growth with the Breakout Partner of the Year award,” Bill McLaughlin, Thrive’s President, stated. “Our top-tier partners fuel Thrive’s cybersecurity, digital transformation and Managed Services for businesses across North America, Europe and Asia-Pacific.”
“It’s an honor to be named Breakout Partner of the Year,” Aaron Bock, Opkalla Managing Partner, said. “We’re excited to continue working with Thrive to protect and empower businesses through Thrive’s comprehensive and advanced cybersecurity, Cloud and managed solutions.”
Watch Thrive’s Opkalla Recognition Video. For more information about Thrive and its award-winning partners, please visit http://www.thrivenextgen.com/.
###
About Thrive
Thrive delivers global IT outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at http://www.thrivenextgen.com or follow us on LinkedIn.
About Opkalla
Opkalla helps their clients navigate the confusion in the technology marketplace and choose the solution that is right for their business. They work alongside IT teams to design, procure, implement and support the most complex IT solutions without an agenda or technology bias. Opkalla was founded around the belief that IT professionals deserve better, and is guided by their core values: trust, transparency and speed. For more information, visit https://opkalla.com/ or follow them on LinkedIn.
MEDIA CONTACT:
Kristina O’Connell
Thrive
EVP, Marketing
koconnell@thrivenextgen.com
978.764.7960
Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Mark Kerchoff, a Cloud Architect, Platform. In his role, Mark helps design systems for Thrive clients and implements and troubleshoots the more complex environments.
Mark lives in New Canaan, Connecticut, and is primarily based out of the Greenwich office but occasionally frequents the NYC office. Mark’s downtime perfectly blends beats, sports and tasty treats. He is passionate about live music, and you’ll usually find him at rock & roll or jam band shows. Outside the music scene, Mark is the go-to soccer and tennis dad, cheering on his three sports-loving sons. He also enjoys all things culinary – cooking and eating delicious meals.
Hi Mark! Can you tell us about your background and how you came to Thrive?
My career started in April 2000 at a small Managed Service Provider (MSP) catering to hedge funds. Subsequently, I transitioned to working directly with hedge funds before finding my way to Amaranth Group. Following the closure of Amaranth Group, the IT team evolved into Edge Technology, where I’ve been an integral part of the team for an impressive 16 years. In the most recent chapter, Edge Technology has seamlessly integrated into the Thrive family, marking a year of exciting collaboration under the Thrive umbrella.
Where did you go to school or get training?
I earned my education at Northeastern University in Boston; a foundation complemented over the years by various certifications from Microsoft and VMWare. This continuous commitment to learning has been instrumental in shaping my expertise.
What do you most enjoy about working for Thrive?
Though relatively new to the Thrive family, I’m genuinely impressed by the people. The collaborative spirit and enthusiasm among team members create an environment where everyone is not just willing but eager to come together, ensuring that tasks are done efficiently and effectively.
Are there any recent exciting projects at Thrive you can tell us about?
A project that holds significant promise and excitement is related to the Edge Technology acquisition. We are actively involved in streamlining and consolidating data centers, a venture that aligns with Thrive’s commitment to innovation and excellence. It’s an exciting opportunity to contribute to the growth and success of the company in a dynamic and evolving tech landscape.
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
UK Legal Firms Facing Unrelenting Cyber OnslaughtIn the aftermath of our previous blog on cyber-attacks targeting the legal sector in the UK, we delve deeper into the latest assaults, shedding light on the dire consequences and offering insights on bolstering cyber defences to avert severe business disruptions. This article unveils recent attacks on law firms and the high stakes for failing to take adequate safety measures.
The Allen & Overy Saga: A High-Profile Confrontation
The most high-profile recent victim is Allen & Overy – the UK “magic circle” law firm that fell prey to the notorious Russian ransomware group Lockbit. This London-based legal giant, founded in 1930, is the 7th largest integrated law firm globally, with approximately 5,500 employees and 500 partners across 31 nations. Allen & Overy was in the process of merging with Sherman & Sterling and faced a cyber onslaught that threatened to expose sensitive data. The merger was to create a 4,000-lawyer firm with 800 partners across 48 offices by May 2024. Lockbit added Allen & Overy to its victim list in early November 2023, claiming they had acquired their data and planned to publish it soon.
Prompt action by external cybersecurity experts helped isolate and contain the breach, sparing the firm’s core system data, email, and document management systems. Weeks later, as forensic investigations and remediations unfold, the firm continues to operate with limited disruption, underscoring the importance of swift and well-planned responses to such threats. The speed of response by Allen & Overy and the additional remediation and planning after the attack were critical to avoid catastrophic data loss.
Dire Warnings for Legal Businesses
Lockbit, the group behind the Allen & Overy attack, should be considered a significant threat. The National Cyber Security Centre (NCSC) labelled Lockbit as the most deployed ransomware in 2022, emphasising the devastating impact of their attacks. NCSC Director of Operations Paul Chichester urges organisations to comprehend the severe consequences of ransomware assaults on operations, finances, and reputation: “It is essential for organisations to understand the serious consequences that ransomware attacks can have on their operations, finances, and reputation.”
Since January 2020, entities of various sizes operating within critical infrastructure sectors such as finance, food and agriculture, education, and healthcare have experienced attacks from Lockbit affiliates utilising diverse tactics and methods. The wave of Lockbit’s widespread attacks across these critical infrastructure sectors reinforces the urgency for heightened cybersecurity measures.
Legal Sector in the Crosshairs
Legal firms have long been prime targets due to their safeguarding of sensitive client data. Past incidents, such as the £5 million ransomware attack on Ince in July 2022 and the 2021 assault on Simplify Group, the UK’s largest conveyancing company, highlight the sector’s vulnerability.
Simplify Group’s breach, resulting in a month-long system shutdown, showcasing the significant financial implications and potential fallout for law firms facing cyber threats. Vendors and buyers were left in turmoil for up to a month, unable to finalise any transactions. As for affected data, current and former staff members from conveyancing firms using Simplify were impacted by this breach. However, there is no indication customer data was stolen. Simplify had a class action lawsuit filed against them by other law firms on behalf of outraged clients, resulting in potential financial liability and implications.
Multi-Million Costs and Business Implications
Simplify Group’s annual report reveals the attack’s direct costs amounting to £7.3 million, partially covered by insurance. The incident prompted discussions with capital providers to safeguard the company’s long-term funding and capital structure. Indirect costs, including a reduction in client intake for ten weeks while remediation occurred, profoundly impacted the firm’s financial performance.
This severely affected the results for that financial year, when the company was otherwise on track to complete a record number of cases. Shareholders injected £15 million for post-breach recovery, underscoring businesses’ substantial challenges after cyber incidents.
Regulatory Scrutiny and Urgency for Preparedness
While Simplify immediately engaged a leading cyber response team, being prepared ahead of time is necessary in this dangerous era of cyber threats. In August 2023, the ICO reprimanded Durham law firm Swinburne Snowball & Jackson (SSJ) for not having sufficient protections in place and not being aware it needed to report data breaches to the ICO.
An employee’s Outlook email account was targeted in a spear phishing attack, impacting payments to beneficiaries of a probate case. The first breach was on January 11, 2021, but SSJ only became aware three days later, and the account’s password was changed on January 15. Following the incident, SSJ notified its data insurer, the Solicitors Regulation Authority (SRA), and the ICO after 11 days. SSJ faced repercussions for lacking sufficient protections and delayed reporting of that spear phishing attack.
SSJ did not have multi-factor authentication (MFA) in place for the account, claiming that its IT contractors had not previously recommended doing so despite various bodies, including the National Cyber Security Centre (NCSC), SRA, and Law Society, advocating for strong authentication measures.
The ICO also criticised SSJ for failing to comply with GDPR obligations regarding secure personal data processing to ensure ongoing system security and confidentiality and urged training while providing standard non-compulsory recommendations on governance, identity and access controls, technical control selection, staff training, and supply chain security. They warned, “If further information relating to this matter comes to light, or if any further incidents or complaints are reported to us, further regulatory action may be considered.”
A Call to Action: Strengthening Cyber Defences
The SSJ case is a stark reminder of the repercussions of inadequate cybersecurity measures, while the Allen & Overy incident showcases the imperative of being proactive. At Thrive, we specialise in fortifying businesses against data theft risks. Contact us today to ensure your clients’ data remains secure in the face of evolving cyber threats.