Audax Private Equity, a leading investment firm, recently acquired Aspen Surgical, a surgical products business previously under Hillrom’s umbrella. This case study highlights how Thrive, a trusted technology partner, facilitated a seamless transition for Aspen Surgical’s IT infrastructure, enabling a successful carve-out and setting the stage for future growth and innovation.
Separation Struggles
Aspen Surgical tackled the challenge of untangling its IT infrastructure from its former parent company, Hillrom, which involved adding new servers, migrating data, and enhancing security. Audax and Aspen Surgical sought a partner to establish their new IT infrastructure and ensure timely completion before the transitional services agreement expired.
Thrive Chosen for Expertise in Mid-Market, PE-backed Ventures
Audax chose Thrive for its innovative approach and proven expertise in mid-market, PE-backed ventures, streamlining critical projects like mergers and acquisitions. “Thrive’s portfolio-wide reporting back to the fund is unique in the marketplace and ensures secure and scalable platforms. Additionally, its proactive cybersecurity approach mitigates post-acquisition risks and lays the groundwork for seamless add-on investments,” said Kevin Ellis, Vice President of Sales at Thrive. Audax also valued Thrive’s dedicated PE-focused teams and tailored support for fast-growth businesses.
Precision in Action: Planning and Execution
Collaborating closely with Aspen Surgical’s internal IT team, Thrive meticulously planned server and data migration, deployed new Office 365 tenants, and implemented robust security measures with an innovative ticketing system for quick response time, resolution and communication. This strategic approach ensured minimal downtime and disruption to operations, laying a secure foundation for future endeavors.
Seamless Deployment
Thrive prioritized security and scalability by implementing advanced endpoint security measures and robust backup and disaster recovery services. These efforts aimed to mitigate cybersecurity threats and minimize downtime risks. Solutions deployed include ThriveCloud, ServiceNow technology, Security Information and Event Management (SIEM), 24x7x365 Security Operations Center, NextGen Endpoint Security (EDR), Vulnerability Scanning, End User Security Training, Phishing Simulation.
Our PE-experienced team possesses the technical and strategic skills to navigate rapid growth scenarios, providing unparalleled support focused on value creation, protection, and PE-specific engineering and account management. Throughout the carve-out process, Thrive ensured project completion within the confines of the transitional services agreement, emphasizing the importance of effective communication and comprehensive project management.
Realizing the Vision: Achieving Success with Thrive
With Thrive’s aid, Aspen Surgical smoothly transitioned to its new IT infrastructure, bolstered by NextGen services for scalability and resilience, while proactive cybersecurity measures ensured value protection post-acquisition. Leveraging Thrive’s services, including ThriveCloud, Aspen Surgical guarantees scalable solutions for future growth, with ongoing support ensuring a robust IT setup. With Thrive’s help, Audax and Aspen completed the carve-out on time and budget, facilitating rapid expansion and investments for Aspen Surgical’s future prosperity.
Revolutionizing Private Equity Transactions
Thrive’s unparalleled expertise in supporting PE transactions transcends individual carve-outs. By providing portfolio-wide reporting and innovative solutions tailored to PE firms’ unique needs, Thrive is poised to revolutionize how investment firms manage and optimize their technology investments, driving value and enabling strategic growth initiatives.
Thrive’s Value Creation and Protection Designed for PE
Acquisitions draw attention, making companies vulnerable to impersonation and phishing. Smaller to mid-market PE firms with technical debt are especially at risk due to outdated security. Immediate security analysis post-acquisition is crucial to mitigate threats promptly. Neglecting this can lead to significant financial losses, emphasizing the need for proactive cybersecurity measures to safeguard against attacks targeting newly acquired businesses.
Agile and Adaptive for PE Transactions
Thrive consistently conducts thorough IT operations reviews and security evaluations. In many cases involving PE firms, transactions come with technical debt and scalability challenges. Nonetheless, Thrive’s agility allows for swift adjustments to the current operational landscape, ensuring seamless support and adaptability to evolving needs.
“Our team was faced with a significant migration project and we sought out an experienced partner to help us make the process seamless and be available as an extension of our internal team for support when needed. Thrive ended up being the partner we were looking for – and more.” ~ Christopher Dukes, VP of Information Technology, Aspen Surgical
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT US
Thrive Launches Security Response & Remediation Services to Safeguard Businesses Against Cybersecurity IncidentsNew offering empowers organizations to better contain and remove cyber threats, minimizing business disruption and associated costs
Boston, MA, March 12, 2024 – Thrive, a global technology outsourcing provider for cybersecurity, Cloud, and traditional managed service provider (MSP) services, today announced the launch of Thrive Incident Response & Remediation, an on-demand cybersecurity response service to contain and remove threats, along with engineering assistance to rebuild and restore critical systems.
Phishing, ransomware and other cyberattacks put businesses of every size at huge risk of losing millions of dollars trying to remedy the situation. In fact, according to IBM, the global average cost of a data breach in 2023 was $4.45 million – a 15% increase over three years. This kind of cost is unfathomable for many businesses – especially small to mid-sized enterprises, who simply cannot afford to pay out such a vast sum.
To help customers mitigate risk and avoid the rising costs of security threats, Thrive has introduced its latest cybersecurity offering: Thrive Incident Response & Remediation. With this solution, customers are connected to a dedicated Incident Responder from the Thrive Security Operations Center (SOC) in the event of a security incident to access the incident’s scope and provide immediate response actions to restore services. Thrive Incident Response & Remediation proactively gets ahead of cybersecurity threats by collaborating on pre-incident planning and running an automated compromise assessment that will hunt for threats already in the environment. Should an incident occur, customers using the service will see faster recovery time after a cybersecurity incident, keeping business disruption and the costs associated to a minimum.
Thrive’s Incident Response & Remediation services include:
- Pre-Incident Planning: Thrive security experts engage with subscribed clients to ensure that they have an approved incident response plan, an asset inventory prioritized based on business impact and a backup strategy for critical systems
- Incident Response Tools: Upon working together, an incident response agent is installed on systems prior to an incident. These advanced tools ensure potential threats are contained faster and provide high-value forensic artifacts.
- Compromise Assessment: Thrive conducts an automated compromise assessment during onboarding to identify current threats that may impact systems
- Prioritized Incident Management: Users can report an incident with a 15-minute response time guaranteed by the Thrive SOC to begin threat assessment and scoping
“Many business leaders today are facing the daunting task of safeguarding their IT environment amidst an evolving cybersecurity landscape, and need support to ensure they have the tools and experience that will keep their systems and data safe,” said Michael Gray, CTO of Thrive. “At Thrive, we make being the IT and cybersecurity experts our business so our customers can focus on their own. Thrive’s Incident Response & Remediation services is the latest extension of that mission so that no matter the threat, our clients have the resources and peace of mind needed to keep their businesses moving forward.”
Thrive Incident Response & Remediation is the latest of the company’s comprehensive solutions aimed at safeguarding the entire IT environment and securely optimizing business performance. Thrive’s tailored cybersecurity solutions ensure end-to-end protection of customer’s systems and data and enable businesses to stay ahead of potential threats. The more Thrive managed security services a customer consumes, the lower the cost, as Thrive automatically applies a tiered discount towards monthly retainer remediation services.
To learn more about Thrive and its offerings, visit the website.
About Thrive
Thrive delivers global technology outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at www.thrivenextgen.com or follow us on LinkedIn.
Contacts
Amanda Maguire
Alexa Capital, a global corporate finance and M&A advisory firm selected Thrive to optimise it’s IT infrastructure with regulatory compliance Download Now
CHALLENGE
Alexa Capital, a global corporate finance and M&A advisory firm specialising in energy technology, energy infrastructure, and e-mobility, grappled with challenges regarding its IT partner. The 22-person FCA-regulated team, based in Mayfair, faced issues of insufficient service levels, particularly with the office based in NY, and a lack of strategic guidance. The firm felt a misalignment with regulatory standards and business expectations, prompting it to seek a more fitting and effective IT partnership with experts who specialise in the corporate finance industry.
SOLUTION
Alexa Capital chose Thrive because of our record of success, depth of capabilities and pedigree within the investment community. In addition, Thrive’s structure, service delivery model, and ability to immediately address challenges stood out amongst the other vendors. Thrive implemented Managed IT Services (Helpdesk, M365, Telephony, Cloud), Managed EBMS Networking (Fortinet & Meraki) and Managed Security: SOC & SIEM, EDR and Cloud Security. Thrive have additionally agreed a plan forecasted in the short-term to address alternative cloud-based data storage solutions to further optimise the firm’s internal filing system for improved efficiency and better utilisation of the M365 environment. Thrive will continue to proactively support and guide Alexa Capital on further recommendations to enhance the firm’s IT infrastructure and cyber security.
RESULT
In addition to ensuring strict regulatory compliance, this project significantly improved operational efficiency. Real improvements resulted after forming a strategic relationship with Thrive, including better strategic guidance, higher service levels and overall better IT performance for Alexa Capital.
“Thrive’s expertise enhanced our IT operations, aligning technology with our business objectives. By choosing a specialized partner in financial services, we’ve noticed an improvement in our client experience. Thrive enhanced our cybersecurity posture by adding 24×7 monitoring & response from Thrive’s own Security Operations Centre. We have peace of mind knowing that we are following industry best practices.” ~ Alexa Capital
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT US
Guarding UK Enterprises: Defending Against Escalating Cyber Threats in 2024As cyber attacks continue to surge across the UK for the third consecutive year, businesses face the daunting task of safeguarding their digital assets amidst a complex landscape. A recent study conducted by Tenable and Forrester Consulting sheds light on the severity of the situation, revealing that a staggering 48% of cyber attacks target UK organisations.
This alarming trend, coupled with recent reports from the BBC detailing cyber attacks on police forces, councils, and businesses, underscores the urgent need for a robust cyber security strategy. In this blog, we delve into the escalating cyber threats facing UK businesses and offer practical solutions tailored to your organisation’s needs.
Escalating Cyber Threats
This revelation from Tenable paints a grim enough picture. Still, when coupled with further statistics from the State of Trust 2023 Report (surveying the behaviours and attitudes of 2,500 business leaders, including 500 in the UK), we see that the average approach from UK businesses does not nearly correspond to the level of risk presented.
The report found that, on average, only nine per cent of UK companies’ IT budget is allocated to security. This reveals a stark misalignment between escalating cyber threats and the security of UK businesses and leaves them exposed to risk.
Furthermore, the State of Trust 2023 Report published by Vanta indicates that less than half (42%) of UK organisations rate their risk visibility as vital. This prevents businesses from effectively gauging and comprehending the extent of the risks faced. As threats rapidly evolve in prevalence and sophistication, a lack of comprehensive risk visibility can leave you and your employees wide open to data breaches.
Widespread Targets
Recent cyber attacks targeting large corporations and smaller businesses underscore the indiscriminate nature of these threats. For instance, in early January 2023, the Royal Mail fell victim to a ransomware attack, causing significant disruption to its operations at a distribution centre near Belfast, Northern Ireland, where the printers began frantically spitting out the ransomware gang’s demands. Much like the December 2022 attack on The Guardian, this caused widespread disruption to the sizable company.
Similarly, smaller local councils like the Western Isles local authority Comhairle nan Eilean Siar and Redcar and Cleveland Borough Council have also been targeted, compromising sensitive data and disrupting essential services.
Notably, proactive measures were undertaken by organisations like Oldham Council, investing £682,000 in computer upgrades after it revealed the company was actively warding off 10,000 cyber attacks per day. Such investments enhance disaster recovery capabilities and provide comprehensive protection against ransomware attacks, safeguarding critical data and mitigating potential financial losses.
IT Security Budgets Too Low?
Today, many British businesses openly share that they believe their systems are subpar. With only nine per cent of the average UK company’s IT budget dedicated to security, most are aware of the risk they take on. However, in attacks like these, financial loss is not only incurred through client trust erosion and business disruptions. The fines from regulators for not keeping businesses resistant to customer data breaches can be staggering.
The need for more allocation of IT security budgets presents a formidable challenge for UK businesses. With a mere nine per cent of the average company’s IT budget dedicated to security measures, numerous organisations acknowledge the inherent risks they face. However, the consequences of a cyber attack extend far beyond mere financial losses, as exemplified by the Equifax case. The Financial Conduct Authority fined this large credit reporting agency over £11 million for failing to protect the personal data of nearly 14 million British clients in one of the most significant cyber security breaches ever recorded. Among the data leaked in the 2017 breach were names, dates of birth, phone numbers, addresses, and credit card details of unsuspecting British consumers.
Equifax’s troubles did not end there. Following the leaking of personal data of almost 150 million US customers, the company faced a record settlement of $800 million with American authorities. Patricio Remon, Equifax’s European head, highlighted the immense investment made in security and technology transformation since the cyber attack against the company six years ago, amounting to over $1.5 billion.
Despite these efforts, the company received a £500,000 fine from the UK’s Information Commissioner’s Office in 2018 for the same attack, the maximum fine allowed at the time. While these actions illustrate efforts in Britain to mitigate the impact of ransomware attacks, challenges persist beyond its borders.
Prosecutors in Belarus, Russia, and several other former Soviet Union states show little inclination to pursue such lucrative cyber crimes, according to assessments from the National Cyber Security Centre and the National Crime Agency (NCA). Additionally, ransomware operators have been identified in West Africa, India, and Southeast Asia.
James Babbage, a director of general threats at the NCA, noted that traditional criminal justice outcomes are challenging to achieve against actors based in uncooperative jurisdictions. Consequently, the US, UK, and other allies have relied on technological methods to dismantle some of the most prolific cyber criminal networks, such as the Qakbot network and its counterparts.
What’s particularly alarming in this report is the simplicity with which these attacks can be thwarted. Many businesses need to implement basic security measures such as multi-factor authentication, a widely accepted industry standard that is easily implemented. Others overlook the importance of using strong passwords or updating every machine on their network regularly.
A Worrying Reality
These statistics underscore a worrying reality: many UK businesses operate with inadequate cyber security measures that fail to align with the escalating digital threats. As cyber criminals evolve tactics, companies must reallocate resources and adopt robust cyber security strategies to mitigate risks effectively.
In light of these challenges, businesses must proactively enhance their cyber security posture. At Thrive, we specialise in partnering with companies to navigate the complex cyber security landscape. Contact us today to fortify your defences and ensure resilience against emerging cyber threats.
Thrive Enhances IT Infrastructure of Law Firm Hill & Ponton Download NowCHALLENGE
Facing a pivotal decision, Hill & Ponton stood at a crossroads: either invest in upgrading their aging equipment or transition to private cloud. As a law firm situated in Orlando, Florida, they prioritized high availability and stability to safeguard sensitive data against cyber threats and natural disasters. Seeking enhanced security layers and a robust recovery strategy, they recognized the importance of establishing an effective security management program for future success. Acknowledging the evolving threat landscape, Hill & Ponton sought a specialized partner capable of navigating the increasingly disruptive IT environment essential for law firms’ stability and safeguarding sensitive client information.
SOLUTION
Thrive’s solutions empowered Hill & Ponton’s digital transformation by providing a secure pathway to the cloud, enabling them to leverage advancements in cloud solutions beyond the capabilities of their legacy systems. With their cloud migration completed in May 2020, the firm gained enhanced performance flexibility, crucial for adapting to COVID-19 lockdowns and facilitating seamless operations in a remote setting. In June 2020, Thrive augmented their services by integrating Managed Services (MSP) into the Virtual Private Cloud (VPC), delivering comprehensive monitoring, alerting, antivirus, patch management, and server support. Additionally, Thrive implemented immutable backups and advanced endpoint protection with Managed Detection and Response (MDR), further fortifying Hill & Ponton’s IT infrastructure. By entrusting Thrive with data management, accountability, and advanced security measures, Hill & Ponton’s digital capabilities were bolstered with additional layers of protection. The integration of managed services empowered their lean IT team to focus on critical tasks amid company growth, while Thrive handled compliance and security requirements. Hill & Ponton attests that their infrastructure now stands as its most reliable and secure, thanks to the cloud, positioning them to navigate the online landscape with confidence in today’s IT environment.
RESULT
The timing proved opportune for Hill & Ponton’s cloud migration, aligning with their commitment to staying technologically current. Opting for a trusted partner was paramount, especially for a project of this magnitude. The integration of managed services empowered their lean IT team to focus on critical tasks amid company growth, while Thrive handled compliance and security requirements. Hill & Ponton attests that their infrastructure now stands as its most reliable and secure, thanks to the cloud, positioning them to navigate the online landscape with confidence in today’s IT environment.
“Partnering with Thrive has led to a phenomenal improvement in our IT infrastructure security and reliability. Our small internal IT department now has the tools and capabilities of a much larger team for a fraction of the cost. I wholeheartedly recommend Thrive if you’re looking for an IT infrastructure partner you can trust with your data and ultimately, your business.” ~ Allen Harper, IT Manager, Hill & Ponton
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT US
Thrive Spotlight: Marc Friesen, Senior Cloud Engineer, Remote AccessWelcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Marc Friesen, Senior Cloud Engineer, Remote Access. In his role, Marc focuses on Thrive’s Managed Azure Virtual Desktop and Managed Citrix Cloud remote access methodologies. He also operates as a subject matter expert on many related technologies such as Duo MFA and Printerlogic managed Cloud print management, among others. In addition, Marc collaborates with internal teams throughout Thrive that coordinate management and support of Thrive’s many Cloud offerings and work on new technologies to vet and integrate them into Thrive’s platform.
Marc lives in Maryland, which is a short drive away from Thrive’s Elkridge office. He is an avid reader and video gamer. Marc enjoys playing Dungeons and Dragons with his fellow dad friends when they can find a hole in their busy parental schedules, and he recently started periodically playing the card game Magic the Gathering with Thrive colleagues after work.
Hi Marc! Can you tell us about your background and how you came to Thrive?
I came to Thrive as part of the 2019 acquisition of Ease Technologies, where I was the lead engineer for over 13 years building their Cloud Computing and MSP business. That role transitioned into Cloud engineering for Thrive with our Managed Azure Virtual Desktop and Managed Citrix Cloud Platforms.
Where did you go to school or get training?
I received my Bachelor’s degree from Bethel College, a tiny school in North Newton, Kansas, where my family has gone for three generations. I frequently tease my 11-year-old daughter that she has to be the 4th generation.
I also attended school in Lyon, France, and Henderson, Nebraska.
What do you most enjoy about working for Thrive?
I am a fan of efficiency because it makes everyone better at their jobs and reduces stress for ourselves and our customers. That includes the organizational efficiency of professionalism.
Many times in IT, one gets stuck in the weeds of a particular problem; at Thrive, we have a bewildering breadth of experience, which means I can bring up a complex problem to colleagues and come back with a simpler/better solution that has been verified and documented.
Are there any recent exciting projects at Thrive you can tell us about?
Cloud computing is going through an explosion of capabilities and functionality as Microsoft has pivoted from a software to a service company. New features will allow offline login to Cloud desktop with data still accessible for offline work and then synced back when the system comes back online, all from a secure dedicated integrated boot environment.
We recently completed a complex migration for a customer from RDS to AVD and received the feedback after a few weeks running that “everything just works the same or better, so we have no feedback.” Music to my ears!
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
The Future is Now, Powered by AI“We see an onslaught of clients thrown against the wall and can’t keep up with threats,” said Stephenson. “We use AI to tool through every realm. Use AI to make better in-time decisions. However bad guys use AI to create exploits and vulnerabilities. AI is like a double-edged sword.”
Thrive Spotlight: Antwoine Adams, Senior Project Delivery LeadWelcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Antwoine Adams, Senior Project Delivery Lead. In his role, he manages Thrive’s Enterprise and Strategic customers’ projects from design to delivery to execution. He serves as the liaison between our customers and the engineering teams at Thrive.
Antwoine calls Maryland home, and in his free time, he enjoys working out, watching basketball, and cheering on his son’s basketball, baseball and football games.
Hi Antwoine! Can you tell us about your background and how you came to Thrive?
My journey began as a helpdesk technician at my alma mater, Virginia Union University. My early interest in Cloud technology led me to volunteer to manage a significant PBX to VoIP project. This experience gave me a valuable boost in self-confidence and a sense of belonging in this field. Although the project was a success, I wasn’t initially considering a career as a project manager.
During that period, I was fully committed to being a Cloud engineer and had no plans to shift my focus. My transition into project management happened quite unexpectedly. I had the unique ability to both engineer and manage my projects. The company I was working for at the time recognized this skill set and approached me to assist in managing projects for other engineers. I agreed without hesitation. It was at that moment that I realized working on a project was significantly more straightforward than engineering, and I never looked back.
I joined Thrive after working at another MSP because I was seeking a fresh challenge in the same tech field, specifically within a larger company that offered a broader range of customers in its portfolio.
Where did you go to school or get training?
I completed my undergraduate studies at Virginia Union University, and for my Master’s degree, I attended South University in Savannah, Georgia. Regarding ongoing training, I firmly believe in continuous learning and utilize various resources, including reading, LinkedIn and YouTube.
What do you most enjoy about working for Thrive?
My team! I am incredibly fortunate to be part of a close-knit team that significantly makes my job more manageable. We share effective communication, collaborate seamlessly and genuinely enjoy working together.
Are there any recent exciting projects at Thrive you can tell us about?
Over the last six months, I’ve taken on the responsibility of managing some of Thrive’s high-value enterprise clients. This role has allowed me to demonstrate the significance of having a dedicated program manager and instill confidence in our ability to complete projects for these clients
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
The Unspoken Threat from State-Sponsored Cyber Attacks and How They Might Affect Your BusinessMany UK businesses may not know that as they go about their daily activities, the UK Security Services (MI5/MI6, alongside NCSC and GCHQ) are working diligently to protect their interests from state-sponsored cyber attacks. These government agencies monitor and prevent significant cyber attacks on the core systems that enable UK infrastructure (the Critical National Infrastructure or CNI) to operate.
In this blog post, we uncover the latest threats posed by aggressive nations targeting the UK’s Critical National Infrastructure (CNI). We shed light on the severe impacts on British financial systems and businesses that have been disclosed to the public.
Hidden Targets
Larger organisations working in or supplying parts of the UK’s Critical National Infrastructure supply chain are typically informed about state-sponsored threats. However, smaller and medium-sized businesses are not always kept in the loop due to security concerns. Despite their inability to prevent state-sponsored attacks, SMEs must make themselves aware of potential risks within their supply chains for business continuity.
Vulnerability in Critical Infrastructure
Britain ranks as the third most targeted country for cyber attacks, and in 2023, it was the most targeted European nation. Recently, the vulnerability of Critical National Infrastructure (CNI) has escalated, posing a significant risk. Many CNIs have been outsourced to private companies, creating a clash between ensuring safe operations and the profit-driven priorities of private sector businesses. This friction jeopardises investment and preparation for cyber attacks, presenting a substantial threat to UK businesses.
The outsourcing trend can lead to businesses replacing existing systems with commercial off-the-shelf products, potentially cost-effective but varying in cybersecurity protection. This increases the likelihood of severe physical disruption. The infamous 2017 WannaCry ransomware attack, although not specifically targeting the UK, is a stark example of the potential consequences of a deliberate attack.
The HMRC has recently expressed concerns about its “old and ageing” IT systems. Failure to upgrade Whitehall’s security measures is seen as a risk for a major security breach affecting Britons’ National Insurance and bank details. Experts warn that such a breach could expose the UK to threats from Russia and China, both state-sponsored and independent. The HMRC’s annual accounts highlight the potential for a “major IT failure or security breach” due to the current software, posing a permanent risk to business operations.
Tax expert Heather Self from Blick Rothenberg points out that the substantial expenditure involved is the obstacle to updating IT systems. She emphasises that if budgets are constrained, there is a risk of neglecting the upkeep of even the UK’s most critical systems. This ongoing situation reiterates the need for SMEs to be aware of this potentially long-term issue.
“Very Large Probability” of a Devastating Cyber Attack
Amplifying the existing threat landscape for SMEs, the government has issued a direct warning, indicating a 5% to 25% likelihood of a severe attack on the UK’s Critical National Infrastructure (CNI) within the next two years. This information is drawn from the 2023 National Risk Register, an annual government report consolidating risks ranging from terrorism and cyber attacks to hazardous weather incidents. The report highlights risks to vital British infrastructures, including gas and electricity supply, the NHS, the transport sector, and civil nuclear facilities.
Typically, the anticipated attacks involve actions such as encrypting, stealing, or destroying data, which are crucial to the functioning of the UK’s CNI. This jeopardises user data and threatens public trust, especially concerning electoral processes. The assessed likelihood of such an attack is rated at 4 on a scale of 1 to 5, with 5 being the highest probability. The anticipated impact is deemed “moderate,” yet it still signifies potential economic damage in the billions of pounds, as well as up to 1,000 deaths and 2,000 casualties.
Artificial intelligence (AI) is also identified as a “chronic risk,” presenting continuous challenges that could harm the British economy, National Security, and overall life. According to the World Economic Forum, 93% of cyber leaders believe there is a high probability of global geopolitical instability leading to a catastrophic cyber event.
Dark Web Data Leaks
In a recent cybersecurity incident targeting the UK, Russian hackers were suspected of leaking classified British military data on the dark web. The compromised information included details about the Porton Down chemical weapons lab, an HMNB Clyde nuclear submarine base, and a GCHQ listening post—additionally, the leak exposed sensitive data related to maximum security prisons and military sites.
GCHQ warned about similar attempts by Iranian and Chinese hacker groups to carry out such attacks. The National Cyber Security Centre (NCSC), a part of the UK’s intelligence and security agency GCHQ, urged Critical National Infrastructure (CNI) operators, including those in energy and telecommunications, to be vigilant and prevent Chinese state-sponsored hackers from infiltrating their systems.
According to an April-published government report on cybersecurity breaches, 32% of businesses and 24% of charities reported data breaches in the past year, with larger firms experiencing a higher rate of 69%. Despite being common targets for hackers seeking extortion, this report did not include public sector organisations.
Analysts point out that SMEs in the finance, insurance, information, communications, administration, and real estate sectors, part of the CNI, face a higher likelihood of cyber attacks than those in other industries. Recognising this growing risk, the government has emphasised the need for all organisations to bolster their cybersecurity measures.
Be Ready for Cyber Threats
Staying informed about the latest cybersecurity threats affecting Critical National Infrastructure (CNI) is crucial for maintaining a solid defence. The alarming examples and statistics underscore the pressing requirement for SMEs to proactively strengthen their cybersecurity measures, especially with aggressor nations focusing on the British CNI.
Thrive boasts extensive experience collaborating with SMEs to ensure security, even amid intricate attacks. We offer support, guidance, and assistance to help fortify your business. Reach out to us today to elevate the cybersecurity of your business.
Thrive Spotlight: Duane Kostas, Service Dispatch SupervisorWelcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Duane Kostas, a Service Dispatch Supervisor based in the Foxboro, MA office. He manages the scheduling of Thrive’s Field Engineers, coordinates third-party resources for projects, and AdHoc matters in areas lacking Thrive employees, dispatches personnel nationwide and internationally, and fosters relationships with third-party resources to optimize service for Thrive and its customers across all company locations.
While Duane is considered a rockstar at Thrive, he used to be a literal rockstar, playing bass guitar and singing in bands for nearly 30 years! He is still passionate about music and occasionally meets with pals for jam sessions to relive the glory days.
Hi Duane! Can you tell us about your background and how you came to Thrive?
With my IT background and experience in Kaseya and ConnectWise from a previous IT support job, I started as a desk support engineer for Corporate IT Solutions in 2010. As the company expanded, I noticed the need for better team management, I became the first Service Coordinator, which was crucial in keeping day-to-day operations running smoothly. When they merged with Thrive, I came along for the ride. Post-merger, I transitioned to a Client Engagement Manager role and currently serve as the service dispatch supervisor for Thrive. Having a technical background has helped me to succeed in both roles.
Where did you go to school or get training?
I received technical training at Newbury College in Brookline, Massachusetts, and Roger Williams University in Bristol, Rhode Island. I earned an associate’s Degree in Programming from Newbury College and received an Outstanding Student Achievement Award for graduating with a 4.0 GPA.
What do you most enjoy about working for Thrive?
What I appreciate about being part of the Thrive team is the company’s enduring presence. Thrive’s continuous growth and resilience during the challenges of the COVID-19 pandemic speak volumes about the strength of its management and the dedication of its employees. It’s something that holds significant value for me.
Are there any recent exciting projects at Thrive you can tell us about?
I’m excited to continue to focus on enhancing Thrive’s dispatching process. I’m dedicated to refining the system by providing training and developing accessible documentation for everyone.
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…