Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Brendan O’Leary, Vice President of Service Deployment. In his role, Brendan oversees the deployment of technology, ensuring that Thrive’s solutions are efficiently and effectively integrated into client environments.
Brendan resides in Providence, Rhode Island, where he shares his home with his wife and their beloved dog. Brendan has a penchant for riding motorcycles when he’s not working, with his latest being a Moto Guzzi V7. He’s also a culinary enthusiast, often expressing that if he weren’t in IT, he’d likely turn his passion for cooking into a career.
Hi Brendan! Can you tell us about your background and how you came to Thrive?
Before joining Thrive, I was a part of Atrion, an MSP based in Warwick, Rhode Island. I began my journey there through its apprentice program. Over time, I gained experience and eventually became a senior engineer focusing on Microsoft 365 Technologies. When another MSP acquired Atrion, Thrive approached me and the timing felt perfect. I jumped at the opportunity and quickly joined and have grown my career alongside Thrive’s own growth.
Where did you go to school or get training?
I pursued a Bachelor of Science in Network Security at Roger Williams University in Bristol, RI. My education was further enriched by on-the-job experience handling customer projects and exposure to enterprise networks.
What do you most enjoy about working for Thrive?
That’s easy – it’s the people. Five years might not seem long, but during this time, I’ve witnessed incredible individuals grow their skill sets, becoming senior engineers or managers in various departments. Many of the folks who started alongside me have been personally and professionally invaluable. Thrive is known for identifying exceptional talent, both inside and outside of the company, and putting those talented people in the right position to succeed. The demands of an MSP can be intense, but the team at Thrive always ensures you feel supported and valued.
Are there any recent exciting projects at Thrive you can tell us about?
Certainly! Since the pandemic in 2020 Thrive has taken a major initiative to help our clients work securely and effectively in the new work from home and hybrid work reality. We’ve focused our efforts on how to make clients embrace all of the features of tools such as Microsoft Entra ID, Intune Autopilot, Azure Virtual Desktop as well as cloud and zero trust security solutions. It’s been great to be on the cutting edge of helping customers go through a true digital transformation.
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
AI in Business: Efficiency in Exchange for Risks?
Artificial Intelligence (AI) has captured everyone’s imagination, and many businesses are now exploring the potential for AI tools to reduce costs and create efficiencies. Over 3,000 AI enterprises and 129,000 people are employed in the UK. AI is projected to contribute over £42 billion to the economy through various applications such as machine learning programs, data analysis, sensor and signal processing, and automation.
However, it is still in its early phases, and using a new technology comes with unanticipated hazards.
This blog intends to inform business owners of the newly understood risks and answer the question: Can AI tools, such as ChatGPT, be used safely in the corporate environment, or should they be cautiously tested alongside scrutiny of the data privacy implications?
Uncontrolled growth
HSBC surveyed over 500 UK businesses and found that over a third are planning to use AI to generate business efficiency and replace staff. According to research by Startups Magazine, over 60% of SMEs are considering the same. According to a survey by The Times, British businesses are more wary of using AI than companies in the US. Organisations such as the British Retail Consortium recognise the business potential but warn against the risks of mindlessly using generative AI tools, such as ChatGPT and others.
Reaching 100 million active monthly users in its first two months, ChatGPT is widely regarded as a miracle software – but it’s far from it. The Law Society investigated reports of AI creating false reference links to material that did not exist but had supposedly been published by a major UK newspaper.
These fabrications are notoriously referred to as “hallucinations,” and AI chatbot software is getting a reputation for being, at best, imprecise and, at worst, untrustworthy, yet it is increasingly used in front-line B2C services as the link between customers and business.
“Black Box”
Essentially, these tools are a black box – ingesting user data without checking what is being collected, how it’s being used to formulate a response, and where it goes afterward. This has significant privacy implications when employees input sensitive corporate information.
Taking Samsung as an example, employees using ChatGPT to fix a coding issue led to an accidental data leak this year, prompting a blanket ban on generative AI tools due to intellectual property risk. This is no surprise, as ChatGPT’s privacy policy states that they “may provide your personal information to third parties without further notice to you unless required by the law.”
They also note that this includes “vendors.” The best way for CISOs to secure corporate information is to work closely with data scientists. However, to prevent such readily preventable incidents, staff must review the privacy policies of each AI tool before use.
Lack of legal protection
In 2022, the UK Parliament began a review into the legal protection in place relating to the use of AI, which concluded in a March 2023 white paper that AI protection has significant gaps and currently relies on existing legal frameworks such as financial services regulation, without properly purposed or intended consequences. The implications for businesses present unexplored legal territory.
Recently, businesses have been surveyed to understand their awareness of these risks. Surprisingly, in the 2023 KPMG Generative AI Survey, out of 225 polled executives, 68% had not appointed any team or person to respond to the generative AI phenomenon, leaving it to the IT department in general – impeding employees from having specific guidance in the face of data risk.
60% believed they were one or two years away from doing this. But while executives mull over implementing appropriate generative AI solutions, employee use is increasing. In a recent survey by Fishbowl, 43% of 11,793 respondents admitted regularly using AI tools like ChatGPT for work tasks, 70% of whom do so without the boss knowing.
Hidden bias and secret profiling
Even when used securely, AI has proven to act with extreme bias based on the information it gathers from the world around it. Some high-profile examples are Amazon’s gender-biased recruitment bot preferring men to women and police facial recognition software proven to be completely inaccurate when recognising darker skin tones – leading to the London Met stopping and searching many innocent black school children after being flagged by the AI software.
If you do not know whether any of this exists in your business operation, it can incur severe consequences for your business, ranging from flat-out errors to devastating racial or gender bias. In the current AI climate, bias is unfortunately inevitable, and combating it is an ongoing battle for developers. Until a solution is concocted, companies must continuously vet AI output to ensure no unethical results have unwittingly been produced that could harm your business.
Hackers using AI
Data leaks and bias are not the only dangers AI presents. For several years, hackers have constructed increasingly personalised spear-phishing attacks that have become nearly impossible for employees to clock. 95% of business network attacks result from successful spear phishing – armed with highly specific emails that mimic usual correspondence between superiors and co-workers to gain trust.
What is the worst thing about spear phishing? Its effectiveness – it has a 40x greater return rate than regular phishing. The best thing? Its difficulty – 77% target just ten inboxes, and 33% just one. But the latter’s about to change, thanks to AI tools like ChatGPT.
Hackers are now using AI to quickly gather information using algorithms similar to those used in ad targeting to leverage data and give the victim a sense of urgency.
Additionally, they use the AI’s demographic and acquired personal data to predict the best targets. To top it off, the AI-powered personalised language can make emails (or even calls using Deepfake audio) sound exactly like they’re from a boss, friend, bank, co-worker, or anyone else – with these tools allowing hackers to learn and exploit work relationships.
So, how can your employees protect themselves against data leaks and similar risks?
Companies should set clear guidelines for responsible AI use, developing processes for ensuring the quality of AI output, guaranteeing safety, and reporting any concerns.
The Managing Director and Chief AI officer of Boston Consulting Group finds that “leadership should explicitly communicate what information should or should not be provided to the AI model” to avoid data getting compromised – and stresses that lacking a clear plan of action can potentially harm profitability and tarnish the reputation of a business.
How can you protect yourself and your employees from AI-enabled spear-phishing?
Employee education is crucial. Verifying unusual requests is essential to defending against spear-phishing due to the recent appearance of these assaults and the accuracy of the language employed. Most people wouldn’t question an email or phone call from a trusted co-worker or boss. Additionally, if employee error does occur, creating barriers with anti-malware software and implementing multi-factor authentication or, even better, contextual authentication can serve as a secondary line of defence.
Undoubtedly, AI has increased business efficiency and convenience to previously unheard-of levels. However, the abundance of new ethical issues, hazards to data security, and inaccuracies underline the need for businesses to take a cautious and responsible approach.
Partner with Thrive
Thrive is highly experienced in supporting small to medium-sized businesses in countering the latest threats, and we can work with you to ensure that your employees and business protocols are as resistant as possible to these emerging risks.
Contact Thrive today to discuss how we can help protect your business.
Thrive Spotlight: Angela Yengel, Manager, Project Delivery
Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Angela Yengel, Manager, Project Delivery. Angela manages the recontracts and offboarding teams within Project Delivery.
Angela lives in Myrtle Beach, South Carolina, and enjoys gardening, traveling, spending time with her family, and golfing.
Hi Angela! Can you tell us about your background and how you came to Thrive?
I started my career in the MSP world 14 years ago when I responded to a job posting on Craigslist for a Call Center Operator. I triaged calls for two years in the call center before moving to the renewals team, quoting client renewals of managed services and manufacturer support, and eventually becoming the Director of Renewals. After 13 years with the same organization, I was contemplating a new career path when Thrive contacted me for a position in the PMO handling Recontracts. I was already familiar with Thrive because several of my previous co-workers were already Thrive employees, so I made the jump and couldn’t be happier I did!
Where did you go to school or get training?
I earned my BS in International Business, starting at Central Connecticut State University and finishing at Strayer University. Once I began my career, I obtained my Cisco Sales Expert and Cisco Renewals Manager certifications.
What do you most enjoy about working for Thrive?
The people. Since the day I started, everyone I have encountered has always been fantastic to work with; it doesn’t matter what department or level of employee I have reached out to, everyone is willing to help and collaborate.
Are there any recent exciting projects at Thrive you can tell us about?
The Recontracts Pod is building a single dashboard for the Account Management team to provide all the information they need to have a complete and accurate view of their customer’s environment and contracts to increase speed and accuracy when quoting recontracts.
Thrive to Showcase Cybersecurity and Digital Transformation Solutions at DTX Europe
Experience Thrive’s Advanced Cybersecurity Innovations on Oct. 4-5 in London
FOXBOROUGH, Mass. – September 26th, 2023 – Thrive, a premier provider of Cybersecurity, Cloud, and Digital Transformation Managed Services, announced today its participation, exhibition, and sponsorship at the much-anticipated Digital Transformation EXPO (DTX) Europe event taking place in London on October 4-5. At DTX Europe, known for bringing together the best minds and leading digital technology, Thrive will present its state-of-the-art cybersecurity and digital transformation solutions.
Attendees are invited to visit Booth B36, where Thrive’s dedicated team will discuss the ever-changing dynamics of digital security and transformation, including its robust NextGen portfolio of managed end-to-end cybersecurity and Cloud solutions that drive secure digital transformation for small to mid-sized enterprises across various industries in Europe, the U.S. and Canada.
“It’s an honour to represent Thrive at DTX Europe,” remarked Steve Tilley, Head of European Sales at Thrive. “This event offers an unparalleled opportunity for us to connect with industry peers, spotlight our cutting-edge solutions, and stay abreast of the latest in cybersecurity and digital transformation. We proudly showcase Thrive’s ever-expanding European operations to keep European businesses resilient and competitive in the digital age with our secure, scalable, and flexible cybersecurity and Cloud technology.”
Visit Thrive at Booth B36 to explore Thrive’s managed cybersecurity and Cloud services. For more information or to schedule a meeting with Thrive at the show, please email stilley@thrivenextgen.com.
###
About Thrive
Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimisation. The company’s Thrive5 Methodology utilises a unique combination of its Application Performance Platform and strategic services to ensure each business application achieves peak performance, scale, uptime, and the highest level of security. For more information, visit thrivenextgen.com.
Cybersecurity Dangers Lurking in Hybrid and Remote Working
In our last few blogs, we’ve discussed the risks to UK businesses from cyber attacks in a “static environment,” such as an office.
We’ll now concentrate on the dangers your employees may encounter while away from the office. Most UK SMEs have now switched to a hybrid or accepted ‘work from home’ model for staff. However, cyber threats are emerging that target personal mobile devices used for company business and authorised devices used in public places.
What’s the risk?
We already know that the greatest vulnerabilities happen when there is a human risk factor. When your employees are traveling or working away from their secure office environment, they can be most at risk of unwittingly getting malware on their devices, which they then bring back to the office, infecting your protected network.
The challenge is that these new cyber attack vectors are springing up in the least-expected places. A council car park was recently targeted in a ‘QRishing’ attack on the Isle of Wight. A fake QR code was convincingly placed onto parking meter machines used by visitors. When people scanned the code, expecting to be taken to a payment site, their device displayed a fake website that took their credit card information. As a result, their money was stolen by the cyber attackers and never received by the Council.
Unexpected places to be cyber attacked
Have you ever heard of “juice jacking”? It is a significant and growing threat likely to be experienced by employees on the move. This involves cyber attackers tampering with public charging stations and USB ports to gain access to users’ devices – jeopardising passwords, sensitive corporate data, and personal files, incurring privacy breaches, and even financial loss. As the convenience of public charging stations grows in popularity, the risk of falling victim to juice jacking has become more pronounced.
To mitigate this threat, users are strongly advised to avoid using untrusted charging ports. They are instead urged to plug their own chargers into electrical outlets or carry their own portable chargers. Employing data encryption and security software can further safeguard against potential attacks. However, if public charging stations are necessary, powering off the device can defend against data breaches. If you must use the phone while charging, selecting “charge only” when prompted to choose whether to “trust” the device can further aid protection.
Another increasing risk is attackers using seemingly innocuous QR codes to redirect users to phishing sites (known as QRishing) or download malware onto devices – resulting in unauthorised access to sensitive data and potentially incurring financial losses. Authorities have become aware of new attacks, such as in Camden, North London, where payment points for electric car charging were targeted. Now, reliable regional cyber authority sources across the UK are issuing warnings to local businesses. In a high-profile case in the US this year, the Super Bowl featured a QR code ad for Coinbase, promising consumers $15 worth of Bitcoin for signing up. This provided a prime social engineering opportunity for cyber criminals to piggyback the trend and lure users in with an identical QR code loaded with malware.
Avoiding public QR codes is naturally the safest bet. Still, considering their newfound prevalence, there are various apps your employees can use to vet these codes before falling victim to scams. With popular options like Kaspersky QR Scanner, Sophos Intercept X, and Qrafter, the safety of a scanned link can instantly be confirmed before following it. Aside from apps, using a VPN and implementing two-factor authentication further protects against QRishing attacks.
Risks when working at home
Your employees’ homes are, of course, not immune to cyber attacks either. BlueBorne is a sophisticated attack vector through which hackers can manipulate Bluetooth connections to take complete control over targeted devices. It’s a devastating combination of qualities that are incredibly desirable to a hacker. Being airborne and highly infectious, it targets the weakest part of the network’s defence – the only one unprotected by security measures. What’s more, the high privileges that Bluetooth has on all operating systems allow for virtually unlimited control.
BlueBorne serves those determined to carry out cyber attacks with objectives ranging from cyber espionage, data theft, and ransomware to creating sizable botnets out of IoT devices, like the Mirai botnet. But how wide is the threat? The BlueBorne attack vector can affect all Bluetooth devices – an estimated 8.2 billion.
The security measures your employees might have, such as firewalls, mobile data management, and endpoint protection, must be equipped to identify these attacks, as many only block infections spread via IP connections. While new solutions are created to address airborne attack vectors, the best protection is ensuring devices are constantly updated as manufacturers continue to patch vulnerabilities, and turning off Bluetooth and Wi-Fi when not in use.
Risks when browsing
A more specific way cyber attackers target employees is through watering hole attacks. This attack is designed to compromise users from a particular group or industry while they browse the web by infecting websites frequently visited by them, luring them into malware.
Cyber attackers who attempt watering hole attacks for financial motives or to widen their botnet can achieve this by infecting high-traffic consumer websites. However, targeted attackers, looking for results beyond financial gains, set their sights on popular sites in a particular industry, such as standards bodies, conferences, or professional forums. After finding a vulnerability on the website, they infect it with malware before waiting for users to take the bait.
To achieve this traffic, attackers may even prompt employees with highly contextual (sometimes AI-generated) emails, guiding them to a specific part of the compromised website. These emails usually don’t originate from the hackers themselves, but from newsletters the user receives automatically anyway – making detecting these traps especially difficult. Complicating this further, the device is transparently compromised with a drive-by download attack, leaving the user oblivious to their device’s infection.
Fighting this off can be challenging for organisations, and websites can stay compromised for years before detection. Protection is increasingly essential considering recent similar attacks – for example, the 2021 “Live Coronavirus Data Map” from the Johns Hopkins Center for Systems Science and Engineering being used to spread malware to users nationwide.
So, how can organisations best protect themselves and their employees?
Advanced targeted attack protection solutions, such as web gateways that defend the enterprise against drive-by downloads matching a known signature, can detect these attacks.
To protect against more elaborate attackers, organisations should employ more dynamic malware analysis solutions that vet frequently visited destination websites for suspicious behaviour. As for targeted email traps, look for an email solution that can analyse malware both at the time of email delivery and at the user’s click-time. These mechanisms must protect the user whether or not they remain on the corporate network.
These are just some of the best practices we recommend. Thrive is highly experienced in supporting small to medium-sized businesses in countering the latest threats, and we can work with you to ensure that your employees and business protocols are as resistant as possible to these unusual places to be cyber attacked.
Contact Thrive today to discuss how we can reduce these risks to your business.
Employee Spotlight: Kevin Cott, Client Business Executive
Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Kevin Cott, Client Business Executive – Europe. Kevin focuses on delivering world-class IT strategies to potential clients.
Kevin grew up in Ireland but now calls the West Midlands in the UK home. He enjoys going on holiday, visiting Ireland or exploring European cuisine in his free time.
Hi Kevin! Can you tell us about your background and how you came to Thrive?
I studied Economics and Finance at the University of Limerick. Since 2010, I’ve worked in the IT reseller and Managed Services industries working with clients to leverage value from their investments in technology. I joined Thrive in March 2022, and while I wasn’t actively looking for a new role, I couldn’t turn down the opportunity to join such a great organization.
What do you most enjoy about working for Thrive?
There’s a couple of key things for me. Firstly, the goal is clear from the organization’s top to the bottom. Every single person knows what we do and how we do it. Secondly, the caliber of the people that I get to work with. Thrive has built an amazingly talented team, making my role more straightforward as a client-facing sales team member.
Any recent exciting projects at Thrive that you can tell us about?
There’s so much going on it’s hard to choose. From a client perspective, our ability to enable them to cope with changing technology and cyber landscape is unmatched. I’ve seen firsthand how we are significantly moving the needle regarding their ability to cope with increasing workforce demands while securing their most important technology assets. From a Thrive perspective, I find our expansion into Europe fascinating.
Employee Spotlight: Kirsten Mills, Service Delivery Manager
Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Kirsten Mills, Service Delivery Manager for the Southeast Region.
Kirsten is always on the go and also enjoys spending quiet weekends with her family at home in Pelham, Alabama.
Hi Kirsten! Can you tell us about your background and how you came to Thrive?
I joined Thrive in January 2022 as part of the InCare Technologies acquisition. I handled labor and agreement invoicing, vendor audits, AR and collections. I worked closely with managed services engineers/managers and other InCare teams on audits and invoicing.
Working with various departments, especially engineering, and having a great CFO, Michele Boner, who supported and pushed me to be creative and outspoken, helped me learn about our products, customers, and the company.
In July 2022, Chae York (RVP of Service Delivery for the Southeast) asked me if I would be interested in moving to a Service Delivery Manager role. I accepted and have loved every minute of my new position, and my accounting skills have proven invaluable in my new work environment.
What do you most enjoy about working for Thrive?
I like my colleagues and the fast-paced service desk, and I learn something new every day. Every team/department I have interacted with at Thrive inspires me and is always helpful and willing to listen.
Working at Thrive, I feel valued, heard and supported. The company does a beautiful job listening to employees and supporting creative thinking.
Unmasking Cyber Threats: Exploring the Dark Realities of the Capita Ransomware Attack
Our recent blog documented the enormous impact of a cyber ransomware attack on Capita, which has continued to affect the data and violate the privacy of thousands of UK consumers and businesses handling secure and sensitive information. The attack has been cited as one of the most significant known impacts on UK businesses and consumers. In this blog, we’ll dive more in-depth into the criminals behind it. We’ll also offer insight into how this happened and what small to medium businesses can do to protect themselves from this kind of event.
Questionable Motivations
Those responsible for oversight of the UK’s cyberspace, such as the National Crime Agency (NCA), are reporting the rise of cyber attacks targeted at businesses rather than individuals. And the impact is getting more severe. Cyber attackers are no longer just “lone wolves” but have joined with others to form groups with differing motivations and ideologies.
The original lone hacker, typified by the teenager in the bedroom, sees attacking businesses and governments as a game and challenges themselves to increasingly develop extreme skills, resulting in access to highly sophisticated systems, including secure government and defence networks.
One 16-year-old, purported ring-leader of the UK group Lapsus$, took down Microsoft. Another British teenager was arrested in 2019 after successfully hacking into Cloud accounts holding songs from some of the world’s best-known musical artists.
The rise of hacktivist campaign groups, such as Anonymous, is driven by social beliefs or political or religious affiliations. Their motivations are typically to target government agencies and to inflict damage or cause embarrassment rather than to steal data. They, too, may create disruption but impact businesses to a lesser extent.
Cyber attack groups that use the most sophisticated means of attack are generally believed to be state-sponsored. Black Basta is a Russian-speaking group and typically targets English-speaking countries in the “Five Eyes” defence community. Because of this, the group is believed to have an underlying political agenda. Capita is one of those organisations that support the fabric of British society heavily behind the scenes, as do many outsourced service providers and businesses that handle public information and process data on behalf of government bodies and agencies.
Who was behind this attack?
The difficulty in detection is that the distinction between nation-states and criminal groups is becoming increasingly blurred, making it harder to attribute cyber crime to specific groups. The NCA acknowledges that Russian language criminals operating ransomware as a service are responsible for the most high-profile cybercrime attacks experienced against the UK.
Black Basta (also known as ‘BlackBasta’) is a well-known ransomware group. Newly formed in 2022, they have rapidly become one of the most active known threat groups, attacking businesses in multiple countries such as the US, Japan, Canada, the UK, Australia and New Zealand. Being financially motivated, with the intent to gain as much money as they can, they use what’s known as a “double extortion technique.” This means that once they have infiltrated a company’s IT system and stolen high-quality data, they encrypt it so that it cannot be used by the company they have attacked and then threaten to publish or sell the data for a ransom of millions of pounds.
Black Basta claimed responsibility for this most recent attack and began advertising the data it had stolen from Capita’s IT system network. With a high level of sophistication in their attack methods and a reluctance to recruit or promote on Dark Web forums, many cyber attack watchers and analysts believe that Black Basta is either made up of members of another known criminal group or just a rebrand of the Russian-speaking group “Conti,” and could be linked to other Russian-speaking cyber threat groups. It appears that both groups use similar tactics and techniques.
How Do They Do It?
The details of Black Basta’s attack have not been made public. However, we can draw some conclusions. As with most cyber attacks, a breach usually begins through human error. Typically, through a phishing email, Black Basta will gain initial systems access via a link embedded in a malicious document. Usually, this link arrives via email in a password-protected zip file.
Businesses must be aware that simple human errors, often through carelessness rather than malice, can result in catastrophic damage. For example, employees away on business connecting to unsecured Wi-Fi networks can make it easier for cyber attackers to access systems. Using the same password on multiple sites on both work and personal devices is another central area of vulnerability. Missing phishing emails while working in haste or lacking reinforcement training may have initiated this attack. IT Managers and CISOs need multiple layers of protection, such as training, awareness, and processes, to enable staff to safely perform regular operational duties and to contain any potential threat. Insider threat is another vulnerability, and when an employee leaves on bad terms, there must be protections in place to prevent any unexpected breaches of company data, passwords, or critical processes.
In Capita’s case, staff initially reported that correct passwords were being rejected when they tried to log into its Microsoft Office 365 suite of applications. A vulnerability within Microsoft Active Directory, which holds details of every user account on the network, is believed to have been targeted so that users could neither log in nor change their passwords. Mass text messages were sent to Capita staff telling them not to log into corporate IT systems, but many of those messages had yet to be received.
What is the Active Directory Vulnerability 2023?
CVE-2023-21676 is a recently detected vulnerability in part of the Lightweight Directory Access Protocol (LDAP) system. It enables attackers to execute code remotely on Windows Server installations and gain System privileges, the highest user access level in Windows. The vulnerability affects all currently supported versions of Windows servers and clients.
In June 2023, Microsoft announced that it had acted against this zero-day vulnerability and provided a security patch.
What Should Companies be Aware of?
It is critical to review all layers of process, training, and security protocols and ensure company-wide awareness of the risks of cyber attacks. In practical and immediate terms and to effectively reduce the risks associated with this specific vulnerability, IT security staff should immediately apply the Microsoft patch issued on April 11, 2023.
In addition, Thrive recommends the following security best practices to mitigate the threat significantly:
- Regularly assess IT systems to identify vulnerabilities and misconfigurations.
- Ensure you patch and upgrade operating systems, firmware and applications.
- Have a policy of multi-factor authentication (MFA) and phishing protection.
- Train staff with simulated attack scenarios and ensure that processes are in place to report to the internal cybersecurity team promptly.
Thrive can advise, audit, and suggest how your IT security policy and procedures shape up to acceptable risk standards.
Contact Thrive today to discuss how we can reduce your risk of a cyber attack.
Employee Spotlight: Matt Chabot, EVP of Technology
Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Matt Chabot, EVP of Technology. He oversees the technology that optimizes clients’ business application performance with Thrive’s NextGen Platform of Cloud, Security, Networking, and Business Continuity services powered by ServiceNow’s automation and self-service capabilities.
Matt lives in Andover, MA, with his family. In his spare time, you’ll find Matt exploring the outdoors, hiking and biking in the summer and snowboarding in the winter.
Hi Matt! Can you tell us about your background and how you came to Thrive?
I started in IT by joining the Boston College help desk during my Sophomore year and then started assembling and selling computers out of my dorm room a year later. After graduating, I began working full-time at Innovative Networks and, shortly thereafter, became a founding partner and eventual CTO of Tier1Net. Over the next 20 years, I helped build Tier1Net into one of the most well-respected MSPs in Boston. In 2019 Tier1Net was acquired by Thrive and now I have the pleasure of helping to build the most well-respected MSP in the world!
What do you most enjoy about working for Thrive?
Every day I learn something new from the talented and dedicated teammates I have at Thrive and truly love working with them to help scale Thrive’s processes to meet our rapid growth rate.
Any recent exciting projects at Thrive that you can tell us about?
I geek out over automation and was excited when we recently automated a critical step in Thrive’s process to onboard new customers into our Endpoint Security and Response service offerings.
And don’t forget to follow us on Twitter and LinkedIn for the latest news and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…