A company specializing in international transportation solutions, customs, warehousing and distribution was experiencing repeated technology and Wifi issues. Their current MSP was unresponsive, had continuous data backup failures, and failed to remediate persistent wireless access issues. In addition, there was no proactive strategic planning in place for the company’s aging infrastructure.
The logistics organization was searching for a technology partner and was impressed with Thrive’s reputation and deep bench of talented IT professionals. Once the current MSP learned another vendor was being vetted, it cut the company off from all technology and support. Thrive jumped right in to maintain business continuity and begin improvements on the antiquated IT infrastructure. Thrive experts deployed the Thrive Cybersecurity bundle, Managed EBMS Firewalls, Managed Backups and 24×7 server and technical account support.
As a result of Thrive’s fully-managed Cybersecurity, firewall and backup solutions, the logistics company has already experienced a huge reduction in lagging response times. The Thrive team was able to take a deep dive and identified risks and issues that created a lot of downtime for the logistics organization. Thrive is moving forward with a plan to upgrade the company’s infrastructure and replace the WiFi in its warehouses that will further improve the workflow and speed up delivery and receiving times.
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT USA financial investment firm turned to Thrive to fortify its security and make business operations more efficient Download Now
A financial investment firm wanted to improve its security and build an operational roadmap to solve IT pain points. The firm had a small IT team struggling to manage daily tasks and due to the critical nature of their IT assets, they were concerned about making any major changes. The company wanted a vendor to offload work from the IT team while giving them visibility.
The firm selected Thrive for its financial industry and compliance expertise leveraging technology. Since the company’s IT team was concerned about major changes, Thrive was transparent and interactive throughout integrating new technology and processes. The Thrive team listened to the IT team’s needs and prioritized the changes in phased rollouts to avoid confusion. Thrive deployed a robust suite of Cybersecurity solutions, including Vulnerability Scanning and Assessment and Advanced Software Patching. Thrive’s ServiceNow onboarding and workstation deployment was set up as a Cloud-based client portal that provides a real-time view of its network anywhere, at any time, and creates, routes, and closes IT support requests.
Thrive’s managed solutions have improved security and efficiency for business IT operations. The financial firm is now moving forward with other Thrive solutions, including its Managed Security Information and Event Management (SIEM) solution, a fully managed and hosted IT infrastructure security monitoring platform. Thrive plans to provide access to its fully-staffed, 24x7x365 security operations center (SOC) to monitor any potential threats continuously. Soon, Thrive will also deliver Endpoint Detection and Response (EDR) and vCISO services.
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services, CONTACT USEmployee Spotlight: Emily Craft, Associate Engineer
Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Emily Craft, an Associate Engineer at Thrive. Emily coordinates clients’ incidents and service requests within Thrive’s Remote Service Center.
After beginning her career in the educational industry, Emily parlayed her degree in Art History and Criticism into her current role of critically analyzing client needs, dispatching requests for onsite resources, and the potential for future client schedule coordination.
Emily lives in Long Beach, New York, and enjoys running near the beach, traveling with her fiancé, reading and painting.
Hi Emily! Can you tell us about your background and how you came to Thrive?
I spent the first ten years of my career in education before leaping into the technology industry in early 2022. One of my first steps in the transition was to become CompTIA A+ certified through the Computing Technology Industry Association. This certification led me to join Thrive in October of that same year.
Where did you go to school or get training?
I earned my bachelor’s degree in Art History and Criticism and Studio Art at Stony Brook University. Later, I acquired several technology-related certifications, such as CompTIA A+, Mimecast Warrior and ITIL 4. I’m currently studying for the CompTIA Security+ certification and the AZ-900.
What do you most enjoy about working for Thrive?
I enjoy quite a few things about working for Thrive. I enjoy all the challenges I face daily, which keeps things interesting. I also appreciate the team members I work with. They’re a great group, and I’m lucky to be a part of it. Lastly, I love that Thrive fosters its employees and helps them along their career paths.
Are you interested in learning more about Thrive? Click here!
The acquisition of the Austin-based Managed Service Provider deepens Thrive’s Southwest presence
FOXBOROUGH, Mass. – July 12, 2023 – Thrive, a premier provider of Cybersecurity, Cloud and Digital Transformation Managed Services, announced today the acquisition of IT Freedom, a technology managed services provider based in Austin, Texas. The acquisition extends Thrive’s NextGen Managed Security & Services Platform into Texas and will enable IT Freedom’s clients to securely accelerate their Digital Transformation journey to the Cloud.
“IT Freedom is a customer-first technology services company with a stellar track record of providing a white glove experience to clients of all sizes in Austin for over two decades,” said Rob Stephenson, CEO of Thrive. “We’re excited to partner with the IT Freedom team to service their clients and anchor Thrive’s expansion plans throughout the state of Texas.”
As a Texas MSP pioneer, IT Freedom has provided managed IT, security, network, and cloud services and support since 1999.
“IT Freedom is proud to have delivered outstanding service to the Austin market for more than 20 years with state-of-the-art technology and unrivaled customer service,” said Carey Jung, IT Freedom Founder and President. “Our company culture and rapid growth align perfectly with Thrive as it continues to expand its NextGen Cybersecurity & Cloud portfolio in Austin and beyond.”
IT Freedom is Thrive’s 19th acquisition since 2016, further accelerating Thrive’s global footprint and position as a leading end-to-end managed services technology provider.
For more information on Thrive, visit thrivenextgen.com.
Thrive is a leading provider of NextGen managed Cybersecurity & Cloud-based services designed to drive business outcomes through application enablement and optimization. The company’s Thrive5 Methodology utilizes a unique combination of its Application Performance Automation Platform and strategic services to ensure each business application achieves peak performance, scale, uptime, and the highest level of security. For more information, visit thrivenextgen.com.
VP of Marketing
617-952-0289Before the Deal: Private Equity Firms Now Requiring Cybersecurity Controls at Portfolio Companies
Private equity (PE) firms have no choice but to adapt as digital transformation continues to accelerate across all industries, and with it, elevated cybersecurity risk across their portfolio that has become a key due diligence focus area before investments are made.
Baseline requirements for PE investment are strict for a reason, and undervalued companies work tirelessly to demonstrate their growth potential and vision in order to find the right funding partner to help grow their business. Now, in addition to requirements like financial health and management structure, savvy PE firms are prioritizing minimum standards for cybersecurity in order to protect their potential investments.
The increased attention on cybersecurity inspection, often before a deal is even signed, is the new normal. Cybersecurity crime and breach statistics are off the charts and demonstrate just how significantly cybersecurity has evolved as a risk factor for business operations and long-term business viability.
According to a report by Cybersecurity Ventures, the global cost of cybercrime is expected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. And a 2020 study by IBM found that the average cost of a data breach is $3.86 million, up 10% from the previous year. In response to these staggering numbers, insurers, for instance, often require applicants to demonstrate that they have cybersecurity measures in place before they grant coverage, while regulators are applying pressure at historically high levels.
Prospective PE Portfolio Companies Face Unique Risk Vulnerabilities
Once a company has agreed to be acquired by a private equity firm, it may become a more attractive target for cyber attacks. There are several reasons why:
- Any funding announcement draws attention and the threat actor’s perceived value of the company in receipt of investment increases due to its association with the private equity firm. This has the potential to draw the attention of cybercriminals who may see the private equity firm’s involvement as a sign that the company has valuable assets or data that can be exploited for financial gain.
- The acquisition process itself can make the company more vulnerable to cyber attacks, as due diligence requires a massive amount of data sharing including sensitive financial, legal, and operational information with the private equity firm and its advisors.
- During the integration process, the portfolio company is often exposed to new systems, networks, and technologies that can introduce additional cybersecurity risks. Integrating IT systems and data across different organizations can open up security gaps that are easily exploited by cybercriminals.
To minimize these risks, private equity firms should conduct thorough due diligence on the cybersecurity posture of the portfolio company before the acquisition, and implement appropriate cybersecurity measures and protocols during the integration process. This may include conducting regular vulnerability assessments and penetration testing, implementing strong access controls and data encryption, and providing cybersecurity awareness training to employees.
A mature cybersecurity program is no longer just the priority of large, well-resourced companies. From startups to mid-market, firms are now finding that a host of third parties including clients, insurance providers, regulators and investors, are now requiring them to implement sustainable cybersecurity defenses.
The PE firm/portfolio company relationship is a symbiotic one by nature: value sees value. The only way to ensure mutual success in today’s always-on and interconnected world is to secure the value both parties offer. Value creation is hard to achieve without value protection. Thrive’s NextGen managed services for private equity firms can optimize, manage and protect critical infrastructure in real time, at all times.
Ramp Up Cybersecurity with Thrive
To help portfolio companies get started on the path to cyber risk mitigation, Thrive can design and implement a strong security foundation to ensure the right actions and choices are being made to protect the organization and achieve compliance.What’s Happening Across Managed IT Services
The managed services market is growing, and shows no signs of stopping. The global MSP market size grew to $238.71B in 2021, and is expected to reach $274B by 2026, with expansion occurring at a compound annual growth rate (CAGR) of 13.4% from 2022 to 2030. Put more simply, demand for managed services is on an accelerated path as more businesses strive to boost operational efficiency, productivity and cater to remote work environments.
For customers, implementing and managing infrastructure technology will continue to become more complex and challenging as firms transition to the Cloud to stay competitive while also facing a constant stream of issues around cybersecurity and network management.
Here’s what else is going on:
- According to a commissioned IDC study, nearly 55% of companies are using managed services for value-added services and to reduce security risks, which have multiplied since the pandemic’s outbreak as employees work remotely and business partners and customers rely entirely on electronic communication
- One survey by CompTIA showed that 50% of companies who engaged an MSP saved 1-24% in annual IT costs, 33% saved 25-49%, while 13% reported savings of more than 50%
- It is expected that 36% of the ballooning managed cloud services growth will originate from North America between 2022-2026, with the U.S. being the key driver. According to a 2022 report by Technavio, this increasing cloud technology adoption among end-users such as SMBs and large enterprises for automating their business process, including data processing and outsourcing and Internet services, will fuel the growth
- According Statista, the U.S. has the highest average total cost of a data breach at $9.44 million. In 2020, 25 percent of respondents worldwide reported the average hourly downtime cost of their servers as being between $301,000 and $400,000 U.S. dollars
- A 2021 study found that only 54 percent of respondents at U.S. businesses employing 500 or more staff have a documented, company-wide disaster recovery plan in place.
- Globally, there was a 141% jump in the number of records stolen in 2020 – reaching a total of 37 billion, as cybercriminals target more diverse data sources to sell and to use for extortion.
Keeping pace with the rate of technological change is hard enough, it is even harder to rationalize managing IT, digital transformation, and the cyber threat landscape on your own.
Whether you’re managing your IT in-house and need a boost, or are looking for a partner to manage it all – Thrive can help. Speak with one of our experts today to see how our bundled managed services packages can help your organization meet its NextGen IT goals.Cybersecurity Risk Assessment
Cybersecurity risk management applies to business entities in every vertical. Whether you’re in finance, healthcare, education, or beyond, it is vitally important to know your organization’s security posture on an ongoing basis. Especially when signing up for a cybersecurity insurance policy, insurers need to know where an organization’s risk profile currently stands and the steps they’re taking to proactively mitigate cyber risk on an ongoing basis.
A Cybersecurity Risk Assessment involves reviewing a company’s technology infrastructure and related processes to identify potential vulnerabilities and to verify that controls are put in place to minimize organizational risk. Download this guide to cybersecurity risk assessments to understand how best to calculate your risk exposure.
DOWNLOAD our white paper today!
Understanding the SEC’s Proposed Cybersecurity Standards
Cybersecurity represents an ongoing challenge for alternative investment firms and the financial industry. And this challenge continues to grow in scope, complexity, and cost. According to IBM and the Ponemon Institute, the 2021 average cost of a data breach in the financial sector was $5.72 million.
In response, the U.S. Securities and Exchange Commission (SEC) has recently proposed new standards for cybersecurity management. According to the SEC’s February 2022 press release, “the proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks.”
While greeted favorably among cybersecurity professionals and the financial community, the news represents a significant course change for the SEC. To date, there have been no SEC rules or regulations that require financial firms to implement cybersecurity programs. However, the wide-ranging SEC proposal addresses advisor and fund cybersecurity risk, establishes new required elements of policies and procedures for advisors and funds (including disclosure of risks and reporting of cybersecurity incidents), and concludes with a detailed economic analysis.
Read more: How CXOs View Cybersecurity
Breaking Down the Proposed SEC Cybersecurity Compliance Requirements
The recommendations of the SEC compliance proposal can be divided into five areas:
- User security and access
- Information protection
- Incident response and recovery for cybersecurity
- Threat and vulnerability management
- Risk assessment for cybersecurity
Here is a brief description of each area and how the prescribed changes could impact your organization:
User Security, Access & Information Protection. Pandemic-driven remote working and the resulting extended security perimeter have driven significant changes to security requirements, including an increase in multi-factor authentication use. The SEC’s recommendations will require organizations to employ updated security technology and vulnerability management capabilities. These include additional controls for data loss prevention and known registered devices. Many financial organizations have already begun adopting these measures.
Incident Response & Recovery. The SEC’s proposal will require the reporting of threats and other security events (like a vendor breach or a cyber incident). These are similar to GDPR privacy breach reporting requirements but go further. The SEC will also require an activity paper trail and detailed record-keeping around cybersecurity due diligence. If adopted, the SEC proposal will mandate advisors and fund owners to publicly disclose cybersecurity risks and incidents that have occurred in the last two fiscal years.
Vulnerability Management & Risk Assessment. According to the SEC, “Advisers and funds of every type and size rely on technology systems and networks and face increasing cybersecurity risks. The rules would therefore require all of these advisers and funds to consider and mitigate cybersecurity risk.” The SEC’s proposal mandates the categorization, documentation, and prioritization of cybersecurity risks based on a comprehensive information systems inventory.
Effective and Flexible — Striking the Appropriate Balance
The proposed rules and amendments seek to deliver short-term effectiveness while acknowledging the need for flexibility as requirements and capabilities evolve. “The balance is achieved in recognition of the speed of technology change,” explains Ian Bowell, EMEA Information Security Manager. “Being too specific or restrictive and referring to a particular technology standard would be like requiring 4G, and not permitting 5G.”
In short, the SEC is working hard to avoid getting tied up in regulations that could quickly become outdated. Changes in cyber threats and the discovery of new vulnerabilities must also be addressed promptly, and even for the most prepared organizations, continuous change will require ongoing improvements and adjustments.
As a leading Managed Service Provider for the alternative investment industry (including hedge funds, private equity, and family offices), Thrive is well-versed in the industry’s demanding cybersecurity requirements. Thrive’s capabilities, existing framework, and certifications (like NIST and ISO 27001) will help simplify and expedite your firm’s adoption and compliance with the new SEC standards.