Author Archives: Megan Carnes

Thrive has again been named one of the world’s best-managed service providers in the prestigious 2023 Channel Futures MSP 501 rankings.

The 2023 Channel Futures MSP 501 list honors the world’s top managed service providers for their growth via recurring revenue and innovation while in a volatile economic and unpredictable business environment.

This year’s list is among the most competitive in the survey’s history. Thrive ranks #21 on the 2023 Channel Futures MSP 501 rankings, up from #50 in 2022.

The MSP 501 ranking doesn’t award MSPs solely on their size and revenue. It evaluates organizations based on annual sales, recurring revenue, profit margins, revenue mix, growth, innovation, and supported technologies during the previous year. The study also acknowledges the business acumen, best practices, and trusted advice they deliver daily to customers.

MSPs worldwide considered 2022 a key year with increases in SMB investments, cloud computing for the hybrid workforce, automation, AI development, M&As, and MSPs who excelled as frontline employees became trusted business and technology experts. The providers on this list demonstrated a commitment to moving the MSP and the entire channel forward while driving a new wave of innovation.

Winners will be recognized on the Channel Futures website and honored during a special ceremony at the Channel Futures Leadership Summit on Oct. 30-Nov. 2, in Miami, Florida.

Congratulations to all of the 2023 winners!  Click here to see a complete list of those recognized.

44% of government agencies have said they experience cyberattacks daily, with the pace of breaches accelerating, according to researchers.

While cybersecurity remains the biggest IT challenge and area of investment for government agencies, cybercriminals are leveraging the vulnerabilities and targeting poorly secured systems to attack critical services.

Essential public services like 911 operations and police and fire departments, could be shut down if a ransomware or malware attack occurs. Additionally, even if you pay the ransom, you may not get your files back, and if you’re an agency in a state that prohibits paying a ransom, then you won’t even have that option. This can hinder the accessibility of vital emergency services that communities rely on.

The following are the main risks to government agencies:

• Lack of affordable cybersecurity talent
• Outdated legacy IT systems
• Malware attacks
• Phishing and social engineering attacks
• Regulatory compliance requirements
• Lack of basic cybersecurity training

Cloud security can help combat these threats with a set of policies, controls, procedures, and technologies that work together to protect cloud-based systems, data, and infrastructure.

Thrive has experience helping agencies and organizations in the SLED sector mitigate critical threats.

• Thrive’s 24x7x365 Security Operations Center is staffed with cybersecurity engineers to protect your mission-critical infrastructure.
• To avoid data loss, Thrive advises your organization to back up its data to an impartial third party.
• To reduce susceptibility, Thrive collaborates with your organization to detect security flaws.
• To identify cybersecurity threats, Thrive builds a long-term strategy by learning about your organization’s goals, people, procedures and technologies.
• Thrive delivers tailored security-managed services to protect your organization while reducing cyberattacks.

At Thrive, we have 700+ technical resources and IT experts with a cumulative 3,000+ years of experience managing security for educational institutions of all sizes, using the best technology to safeguard your network from online threats.

Don’t wait, contact us to learn more.

Did you know that 81% of healthcare executives say the pace of digital transformation for their organization is accelerating? In addition, 93% report they are innovating with a sense of urgency and call to action.

More Healthcare organizations are using the Cloud to process enormous amounts of healthcare data with real-time access to medical information.

However, despite the growing popularity of Hybrid Cloud deployment, many hospitals still use outdated software systems that have been patched repeatedly.

That’s why healthcare providers are turning to Thrive to tap into the full potential of the Cloud while maintaining compliance and security and reducing costs..

Take your healthcare organization to new heights with Thrive.

1. Reduced CapEx Spend  When partnering with Thrive, your healthcare organization won’t need to pay upfront costs for expensive infrastructure and hardware. Thrive also helps you eliminate hidden operating costs and reduces downtime to keep your business running.
2. Efficiency Hybrid Cloud delivers flexibility and can be engineered to meet all HIPAA and HITECH compliance requirements. It reduces overlap in processes and provides a necessary update to legacy infrastructure.
3. Enhanced Regulatory Compliance Healthcare organizations need to meet reporting and risk assessment requirements, and Thrive’s experts can help your organization be agile without sacrificing safety or compromising compliance. Thrive performs a risk assessment and provides strategic IT consulting services to ensure a fully customizable Cloud migration plan is designed and executed.
4. Advanced Cybersecurity As healthcare business systems grow in complexity, there is an increased risk of vulnerabilities, exploits and security breaches. Thrive’s comprehensive Cybersecurity solutions protect your business, uncover, and mitigate risks and meet stringent regulatory requirements. Our security-first Cloud approach is flexible and economical, provides specific, actionable information and is backed by a 24x7x365 Security Operations Center.
5. Disaster Recovery
   Hospitals, health systems, and doctor’s offices cannot afford critical infrastructure failure, security breaches or human error. Data backup and security are essential, as well as a disaster recovery plan (DRP). When networks go down, or cyber-attacks occur, Thrive provides Cloud-based recovery so your healthcare organization can resume IT operations rapidly with minimal or no data loss.

Thrive gives healthcare organizations peace of mind with a comprehensive, proactive security strategy with technology solutions. Read more in our recent industry brief here.

Click here to contact us today to solve and manage your healthcare organization’s Cybersecurity and Cloud needs.

Mr. Waleck, a technology services veteran executive, joins Thrive’s global leadership team to focus on strengthening customer-centric programs

FOXBOROUGH, Mass. – June 13, 2023 – Thrive, a premier provider of cybersecurity, digital transformation and Cloud Managed Services, proudly announces the appointment of Joe Waleck as Chief Customer Officer (CCO). In this role, Joe will oversee all customer initiatives and the account management and customer success teams responsible for client CSAT, retention and growth. Mr. Waleck backfills the lead customer executive role that Bill McLaughlin, vacated in 2022 upon being promoted as President of Thrive.

As an industry leader with over 20 years of IT solutions expertise, Joe brings innovative experience that will continue to propel Thrive to new heights. He has a proven track-record of building and leading teams that take new and disruptive technologies to market while solving customer challenges across all market segments. Before coming to Thrive, Mr. Waleck spent over 15 years as Vice President of Sales at Presidio (formerly BlueWater Communications Group), a leading North American IT solutions provider focused on Digital Infrastructure, Security, Cloud & Managed Services.

“I’m pleased to join Thrive’s global leadership team and deliver innovative customer retention strategies, cultivate long-term partnerships and facilitate deeper connections with our esteemed client base of nearly 3,000 strong to ensure continuous improvement to the client experience,” said Joe Waleck.

Mr. Waleck will be instrumental in continuing to fortify Thrive’s position as a top-tier provider of managed services, offering end-to-end solutions to support secure digital transformation with its unrivaled NextGen portfolio of managed cybersecurity and Cloud solutions.

“With Joe at the helm, we’re confident in our ability to enhance Thrive’s client success culture, further strengthening our commitment to providing the highest level of customer service available,” said Bill McLaughlin, President at Thrive. “Joe will oversee all account management, functions and champion initiatives to optimize customer satisfaction and loyalty within Thrive’s innovative suite of NextGen cybersecurity, Cloud & managed services.”

For more information about Thrive, visit thrivenextgen.com.

###

About Thrive

Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company’s Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application achieves peak performance, scale, uptime, and the highest level of security. For more information, visit thrivenextgen.com.

Thrive: LinkedIn, Twitter, Facebook, YouTube and Instagram

MEDIA CONTACT:

Stephanie Farrell

Thrive

VP of Marketing

sfarrell@thrivenextgen.com

617-952-0289

For the third year in a row, Thrive made the Boston Business Journal’s exclusive Fast 50, which represents the 50 fastest-growing private companies in Massachusetts. The companies on the 2023 Fast 50 list are selected and ranked based on revenue growth from 2019 to 2022.

This year, Thrive ranked 21.

Thrive’s NextGen Technology Platform platform optimizes IT business application performance for Boston-area businesses and beyond with innovative management of Cloud, Collaboration, Cybersecurity, Disaster Recovery, Digital Transformation, Global Network Management and traditional IT Managed Services.

From 2019 to 2022, Thrive acquired 13 companies, including 2 internationally since 2001. Thrive is a global leader in providing end-to-end managed services and unrivaled experience to secure digital transformation for small to mid-sized organizations across numerous industries.

Congratulations to all this year’s winners!

For the complete list of 2023 Fast 50 companies, visit The Boston Business Journal’s website here.

Cybersecurity attacks are on the rise and threaten the global financial sector, despite rising knowledge in the banking industry. These include preparations from the Bank of England (BoE) and regulators to stress test the UK banking system itself.

So how bad is this, and who’s behind the attacks?

What’s happening?

Severe cybercrimes are soaring and with 63% of financial organisations acknowledging a cyber attack in the 12 months to December 2022, each having the potential to create mass disruption within the financial sector, the industry is taking this threat extremely seriously. The European Central Bank, Governments, and their Security Services monitor these attacks, particularly those that seem state-sponsored or from other threat actors such as organised crime or activist groups.

A global threat

Some watch groups attribute the rise in cyber attacks to Russia’s current invasion of Ukraine. Recently, Ukraine’s Defence Ministry and several Ukrainian-owned banking organisations were all taken offline in a significant cyber attack. But around the same time, both the Moscow Stock Exchange and Sberbank, Russia’s biggest bank, were hit by DDoS attacks that were said to have come from a group of hackers in support of Ukraine. Both Ukraine and Russia said the strikes were done by the other country.

However, there is a global rise in state-supported cyber attacks. Last year the group calling itself ‘Lazarus,’ otherwise known as APT38, believed to be a nation-state threat of North Korea, carried out spear phishing attacks using weaponised Microsoft Office documents targeting decentralised finance applications in banks in Poland, Mexico, Vietnam and Ecuador.

Hacker motivation

Groups of hackers acting in a collective interest are not always state-sponsored. A group called DarkSide, with members, believed to be in Russia, Eastern Europe as well as Iran, Syria, China, and North Korea, appears to target larger ‘for-profit’ businesses and claim they donate some cyber attack profits to charity through a ‘Ransomware-as-a-Service’ (RAAS) model.

Cyber attacks by the most notorious hacking groups, such as Lazarus, Cobalt and FIN7, are now impacting financial institutions by directly affecting customers and the integrity of banking operations. Over $81m was stolen from Bangladesh’s central bank in a cyber attack, and in March 2023, the Australian bank Latitude Financial had 14 million sensitive customer records stolen.

Similarly, in South Africa, the data of 3 million customers was taken from its TransUnion credit bureau in a cyber attack. In the UK, Qubit Finance lost £65m of cryptocurrency and a ransomware attack hit the Pension Protection Fund threatening its assets of £39bn+. A recent outage at ION Cleared Derivatives was so significant that the London and Dublin based company was forced to revert to a manual trading system, causing massive financial impact due to delays in settling trades. The knock-on effect of this attack on a critical futures trading partner within the derivatives market not only affected businesses in the supply chain, including Macquarie, UBS, and Royal Bank of Scotland but caught the eye of the regulator as it also severely impacted the Commodity Futures Trading Commission in the US derivatives market.

The wider socio-economic impact

Cyberattacks resulting in the theft of cash, cryptocurrency, or customer data are destructive enough, but reputational damage is potentially worse. When customers hear about a potential cyber attack on their lifetime savings, the bank suffers a potentially permanent loss of trust which can wreak havoc on the banking system.

With an average direct loss of £4.8m for every cyber attack suffered by financial organisations, as reported by IBM in a 2022 report, and in response to this increasing threat, the finance community is extending its regulatory stress testing policy to simulate and mitigate against cyber attacks. The highest perceived attacks on these businesses are through advanced persistent malware, ransomware, across the supply chain or denial of service.

Does size matter?

Large financial organisations benefit from regulatory protection and insight into the risk of a cyber attack. A recent UK government cybersecurity survey counted 39% of UK businesses as having experienced a cyber attack. Smaller and medium enterprises must be sufficiently protected against such losses and have adequate cyber IT expertise, resources and security.

Many of these large businesses in the financial sector use Managed Service Providers such as Amazon and Microsoft to provide cloud computing and reduce their level of exposure to a cyber attack. Using a specialist IT support business with a larger pool of skilled resources and knowledge is beneficial for the smaller business, for whom the loss of sensitive customer data or interruptions to daily business operations due to a cyber attack would have significant implications. One strategy used by Managed Service Providers is a ‘zero-trust’ approach. This assumes that any person or device with access to a system may have been compromised, requiring multi-factor authentication to validate every user and consider system access to be ‘privileged’ only via permitted devices.

Intelligent security choices

Partnering with a specialist IT provider is proven to offer many efficiency and cost benefits for smaller businesses, and those handling sensitive or financial data must ensure that they select a partner skilled in the latest cyber support techniques.

With the European Central Bank keen to ensure that large banks conduct cyber stress tests that adequately prepare them for any foreseeable attacks, smaller and medium size businesses in the finance sector will need to take steps to protect themselves.

Talk to Thrive, we are a trusted cyber security specialist and an accredited Managed Service Provider and can offer your business the Next Generation of Managed Services.

Contact Thrive today to learn how we can help your business stay secure in today’s digital age.

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Neil Solomon, Client Business Executive at Thrive. Neil is a strategic thinker with a flair for charting out strategies for clients with customized solutions to enhance their businesses.

Neil lives in Sykesville, Maryland and enjoys doing home projects and spending time at the beach. You can also find him on the sidelines, coaching his kids on baseball and basketball teams.

Hi Neil! Can you tell us about your background and how you came to Thrive?

I first became interested in computers at age 12. I enjoyed building, coding, troubleshooting and problem-solving. That led to a natural progression of my IT career with roles as Director of IT, Senior Solutions Consultant, National Enterprise Account Manager, Director of Sales and now here at Thrive, as a Client Business Executive. I joined Thrive after one of my former colleagues raved about the company’s leading Cybersecurity and Cloud solutions. And it was all true!

Where did you go to school or get training?

I received my bachelor’s degree in Information Systems Management and an MBA Certificate from the University of Maryland Baltimore County.

What do you most enjoy about working for Thrive?

The people here are like family. Everyone works together as a team and is always willing to listen and adapt to change to achieve success.

Any recent exciting projects at Thrive that you can tell us about?

Being awarded a spot at President’s Club during my first full year at Thrive was an honor, and I look forward to continuing the journey to achieve many more goals.

Are you interested in learning more about Thrive? Click here!

And don’t forget to follow us on Twitter and LinkedIn for the latest news and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…

The word “risk” is taking on a whole new meaning for the financial services sector in the coming months as the Security and Exchange Commission’s (SEC) burgeoning regulatory agenda has proposed a myriad of updates to existing regulation that will require enhanced cybersecurity and risk management capabilities. Hardly the Commission’s first foray into technology and cybersecurity, the landscape has long since shifted from “if” to “when” cybersecurity risk management will be formally codified in the federal register – and the time is now. Although the proposed language indicates that cybersecurity programs should be “tailored based on business operations”, many Registered Investment Advisers (RIA), Investment Companies (IC), and similar organizations lack the internal expertise to develop, implement, and administer cybersecurity risk management programs appropriate for their business size and complexity. Furthermore, the growing scarcity of information security resources (cyber workforce gap of 3.4 million globally / 436,000 in the US) has created challenges related to finding and retaining relevant talent. Now more than ever, firms need experienced partners capable of delivering managed technology, cybersecurity, and industry-specific advisory services in a cost-effective package that addresses business challenges while driving ROI.

Thou Shall Perform a Risk Assessment (and Other Requirements)

While there are distinct nuances between the requirements proposed in each of the rules, all of them are rooted in establishing robust cyber risk management programs. Firms need to first develop a foundation of written policies and procedures outlining risk analysis processes, risk detection capabilities, reporting, and risk treatment options. The program should combine both administrative and technical functions and must be overseen by a qualified information security practitioner. Typically, these requirements are achieved through risk assessment and incident response planning exercises. Conceptually, these requirements are not new, however, a majority of the regulated entity market has only some of the necessary components in place, and now must allocate resources to quickly mature their programs and capabilities.

The regulations also outline novel reporting requirements that further elevate the urgency for implementing robust programs. One of the most polarizing elements of the proposed Cybersecurity Risk Management rule is the mandatory 48-hour reporting threshold for submitting information regarding “significant” cybersecurity incidents to the SEC using a new form ADV-C. Proposed changes in Regulation S-P, which is more narrowly scoped to information systems and data sets pertaining to consumer financial information, also incorporates a 30 day requirement for notifying individuals of a cybersecurity incident or unauthorized access / use of their sensitive information. Although the timeframes may be adjusted as a result of industry review and feedback, the reporting requirements are expected to remain in finalized regulation.

With these requirements on the horizon, does your organization have the proper technical tools and processes to a) detect cybersecurity incidents and b) explicitly identify the information systems and/or data sets impacted by the incident? If not, you may be unable to limit your exposure when meeting the reporting requirements – if you don’t know which data was impacted, you’d have to notify all clients, for example.

A Checklist for Success – If Only It Were That Easy

For information security and IT compliance practitioners, a complete checklist of all things required to maintain continual compliance is the holy grail. Alas, one size does not fit all, especially with the modern dynamic threat landscape, ever-evolving regulatory cannon, and increasing globalization. Keeping in mind that each organization requires a bespoke blend of technology, doctrine, and personnel to fit their risk profile, the below list is a good starting point to begin evaluating your program maturity:

Administrative

• Written Incident Response and Risk Management policies and procedures.
• Written Risk Management policy, processes, testing, and reporting procedures.
• Written Incident Response Plan (IRP).
• Third party cybersecurity risk management and incident response processes.
• Qualified professional administering the cybersecurity programs.
• Qualified professionals capable of responding to detected cybersecurity incidents.
• Formalized protocols for reporting incidents to the Commission and for notifying clients within the required timeframes.
• Data classification, critical systems classification, classification of personal data within business systems.

Technical

• Identity and Access Management (IAM) solution (configured to least privilege).
• Multifactor authentication on all remote access vectors at a minimum.
• Endpoint detection and response (EDR)
• Network detection and response (e.g., MDR, XDR)
• Security monitoring for all cloud environments (IaaS, SaaS, PaaS, etc.)
• File and folder auditing, monitoring, reporting.
• Encryption for data at rest and in transit.
• 24×7 Security Operations Center (SOC) monitoring and response.
• Security Incident and Event Management (SIEM) solution for log aggregation and preservation.
• Security testing – Penetration testing and Vulnerability Scanning.
• Vulnerability and patch management solution.

How Thrive Can Help

Whether your organization needs help developing policies and procedures, conducting risk assessments, managing your cyber program, or with beefing up your technical cyber defense capabilities, Thrive’s Compliance as a Service (CaaS) and financial services division is ready to deliver. Our 1300+ team has decades of experience supporting financial services clients and understands the industry-specific complexities.

Fill out the form below to contact Thrive today to learn more about our customizable solution packages and how we partner with our clients for the long term.

Links to Referenced Regulation and Source Material:
1 “Cybersecurity Risk management for Investment Advisers, Registered Investment Companies, and Business Development Companies”
2 “Cybersecurity Risk Management Rule for Broker-Dealers, Clearing Agencies, Major Security-Based Swap Participants, Municipal Securities rulemaking Board, National Securities Associations, National Securities Exchanges, Security-Based Swap Data Repositories, Security-Based Swap Dealers, and Transfer Agents”
3 “Regulation Compliance and Integrity (Reg-SCI)”
4 “Privacy of Consumer Financial Information and Safeguarding Customer Information (Reg S-P)"
5 (ISC)2 Cybersecurity Workforce Study 2022

I joined Thrive to lead the European sales team and to work with a global brand with an outstanding reputation for innovating cybersecurity, Cloud and Collaboration managed services. I am excited about the opportunity that it presents for myself and the organisations I engage with day to day. The most key factor for me was the ability to deliver a superior customer experience.

It is apparent to everyone in this industry that the lack of resource is the most pressing challenge for Cybersecurity professionals. I have yet to meet a CISO who is awash with free time and has an armada of help available should they need it. The vast of majority of security professionals have multiple projects running simultaneously and are having to balance managing board expectations, running security ops, training the internal client and the multitude of vendor relationships that need to be serviced.

These challenges magnify even further in the smaller business as there is often no CISO and sometimes no member of the team with security in the title. It is often left to someone to manage security as a second job or voluntarily include it in their remit. I have come across organisations in the thousands of users with no head of cybersecurity. Sometimes this is due to rapid growth and sometimes unfortunately, it is due to the “we’ve never had a problem” mindset.

Lack of resource is often the driver when the customer goes to market for a cybersecurity project but I feel that sometimes that challenge is often deliberately misinterpreted by vendors to suit their project portfolios and strategies.  For instance, a vendor’s strategy could be built around AI and the rhetoric is that due to the AI tech there will be no need for additional resource. This strategy works well for the vendor as it’s able to sell high margin software, increasing the stock price and satisfying the shareholders but is it really solving the customers problem?

I have come across many customers in the last few years who have purchased appliances and software and are frankly in no better position than they were. They have no one to manage the output from the product they have purchased which can mean alerts can be missed and misunderstood. I have actually had a customer say to me about a security product they had purchased “I know it’s doing something but I have no idea how to interpret the alerts.”

Further to this, anyone who has recently been involved in the RFP for a cybersecurity solution will see from the myriad of responses they receive that there is always a misinterpretation of the core challenge, deliberately or not. This is due to the shear amount of cybersecurity vendors and often, the vendor strategy not being able to address the challenge. Customers are having to be prescriptive in their requirements to root out the misdirection and the partial responses. I have been delighted to see an increase militance from customers around staying true to solving their core challenge.

I believe that overcoming lack of available resource can be addressed by combination of people, process and technology. It was important to me to join an organisation that can help IT and security professionals with their full security programme and actually provide much needed relief for overworked and under stress cybersecurity professionals. At Thrive, we have the ability to sit side by side with the customer and work together to solve their challenges and that excites me!

State education agencies and school systems are on high alert due to a rise in ransomware attacks on K–12 educational institutions.

Computer systems in schools have been the target of cyberattacks, which delay access and interrupt digital and remote learning. In other cases, ransomware threatened to steal and leak private student information unless schools paid a ransom. As schools implement more technology in classrooms, the threat landscape is ever increasing.

The cost of most ransomware losses is downtime, which can be even more expensive than the settlements. Cyberattacks can also ruin an organization’s reputation. Since private schools and other educational institutions compete for student applications, this can have a greater impact.

If a school fails to protect critical data and practice effective cybersecurity, it will reflect poorly on that organization.

The following are the main risks to educational institutions:

• Cyberattack: A person, group, or entity that generates all or some of an incident with the intent to compromise the security of a person or an organization.
• Domain Spoofing: Establishing web domains that resemble trustworthy websites to deceive users who input URLs incorrectly or click on similar URLs.
• Doxing: The act of gathering or disseminating personally identifiable information about a person online, usually with malevolent intent.
• End-of-life Software: Outdated programs and devices that no longer receive patches, security upgrades, technical assistance, or bug fixes leave users open to assaults.
• Phishing Emails: When someone poses as a reliable entity in an electronic contact in an attempt to steal sensitive information or data, such as usernames, passwords, credit card numbers, or bank account information.

Because educational systems have limited people, funds, and resources, and as cyber threats get more sophisticated, these IT infrastructures are at serious risk.

Here are several ways that Thrive can contribute to the digital security of educational organizations.

• Thrive has a committed staff of cybersecurity engineers working around the clock to safeguard your mission-critical infrastructure.
• To avoid data loss, Thrive advises your facility to back up its data to an impartial third party.
• To reduce susceptibility, Thrive collaborates with your organization to detect security flaws.
• To identify cybersecurity threats, Thrive builds a long-term strategy by learning about your organizational goals, people, procedures, and technologies.
• Thrive delivers tailored security-managed services to safeguard your institution while reducing cyberattacks.

At Thrive, we have 700+ technical resources and IT experts with a cumulative 3,000+ years of experience managing security for educational institutions of all sizes, using the best technology to safeguard your network from online threats.

Don’t wait, contact us to learn more.