CiSP Membership Provides Cybersecurity Consulting Clients an Additional “Thrive” Against Ongoing Threats
Anytime two entities engage in a mutually beneficial partnership, that typically results in a win-win for everyone involved.
As a new member of the UK’s National Cyber Security Centre’s (NCSC) Cyber Security Information Sharing Partnership (CiSP), we can now provide our UK cybersecurity consulting clients an additional “Thrive’ against ongoing cyber threats. In fact, we’re the first managed services provider in the UK alternative investment space to obtain membership in CiSP.
Managed by the NCSC (formed in 2016 and part of the UK’s Government Communications Headquarters, or GCHQ), CiSP provides a forum for cybersecurity discussion as well as a platform for organizations to share intelligence gathered from their own computer networks.
According to the NCSC’s first annual review, tens of millions of cyber attacks are being blocked every week by industry partners who are implementing NCSC’s Active Cyber Defense program.
Ongoing Intelligence Feeds from Various Sources
To effectively manage cyber threats across the globe, Thrive Technology Group actually receives ongoing information feeds from a variety of sources, including CiSP, as part of our overall client security strategy. They include:
- CERT (Computer Emergency Readiness Team) Division (Carnegie Mellon University)
- SANS Institute
- NIST (National Institute of Standards and Technology)
- eSentire, a commercial feed that provides us with managed detection and response
Cybersecurity is certainly a hot global topic that consistently generates a tremendous amount of “noise” and attention. Being an active CiSP member allows us to:
- Increase our level of intelligence to find out what others in the financial industry are learning about cybersecurity.
- Find out what the UK government is sharing with the cyber community about the latest threats.
- Share our own cybersecurity threat intelligence with CiSP as part of our reciprocal relationship.
Separating Fact from Fiction
Our CiSP membership also allows Thrive to cut through secondary sources including various social media channels like Twitter and the media, in general, to separate facts from fiction to find out what’s really happening in the UK cyber community.
For example, Thrive recently identified a spear phishing email that a client received involving someone impersonating a member of senior management who encouraged staff to buy gift cards for each other. We were then able to tap into CiSP and find out if any other companies experienced this same phishing attempt. Through this collaboration, we were able to supply useful information on the pattern of activity prior to the first attempt.
What Really Mattered to CiSP?
You may be wondering what it took for Thrive to gain membership in CiSP. Although achieving membership status wasn’t a lengthy or complex process, what Thrive had to offer is what really mattered to the CiSP Board of Directors.
Thrive appealed to the CiSP Board because of our extensive cyber presence in the UK. As a result, we can provide new insight and information based on our expertise running a public cloud, along with private networks, all while providing our 60 to 70 UK clients Internet access through our proprietary environment.
In addition to appealing to CiSP’s Board, we received sponsorship for membership from London’s Metropolitan Police. Our close ties to the Metropolitan Police mean that we can now leverage our incident response and business continuity plans by sharing information back and forth with the Metropolitan Police’s cybersecurity team.
This also allows Thrive to more easily reach out to the Metropolitan Police when needed, in addition to our normal UK government agency contacts such as the Information Commissioner’s Office and the Financial Conduct Authority, the UK’s counterpart to the U.S. Securities and Exchange Commission.
CiSP Membership Provides Several Client Advantages
Thrive’s CiSP membership involves several client advantages including:
- Ongoing cyber initiatives based on increased intelligence gathering.
- Improved controls and procedures.
- Increased capability to reduce cyber risk for clients through more available options.
- Increased experience due to tighter relationships with industry peers and how they’re handling cyber threats.
- Well-thought-out security improvements to the cyber environment.
- Ongoing proactive measures to promote high-level cybersecurity awareness (versus a “set it and forget it” approach).
- Thrive’s ongoing commitment to CiSP based on our active involvement which, in turn, ensures continued membership status.
- Thrive’s participation on committees and in various communities related to other active vendors.
- A broad stream of reliable information and intelligence which filters out irrelevant “noise” to determine what’s really making a difference in cybersecurity.
Especially now that Thrive is a member of CiSP, we look forward to learning more about your cybersecurity concerns. We’ll then work together to map out a clear strategy against ongoing cyber threats. With the help of our increased intelligence gathering capabilities, resulting directly from our CiSP membership, your cybersecurity preparedness will become better than ever.