CISO Archives - Thrive

Client Experience
- Thrive5
- Thrive Platform
Digital Transformation
Cybersecurity
Cloud
- - Cloud Services
    Unlock the capabilities of your applications with Thrive’s managed cloud services
  - Disaster Recovery
    Quickly resume operations after a disaster with data backups and IT infrastructure reinforcements
  - Colocation
Services
- - Microsoft 365 Platform Services
    - - Office 365
        Fully manage your suite of Microsoft 365 Apps for improved productivity and aligned governance
      - Sharepoint
        Connect, collaborate, and share information easily from the same building or around the world with SharePoint
      - Teams
        Teams can be your go-to for file sharing, collaborative document editing, direct calling, and so much more
      - Power Platform
        Power Platform is designed to help organizations develop and build solutions to complex business problems
  - Networking
    - - Global Network Management to Optimize Your Network
        Enterprise-class network performance, reliability & availability
      - Managed Secure SD-WAN
        Secure, application-aware network optimization
      - Data Connectivity
  - Managed IT
    - - Help Desk and Support
        Rapid assistance from expert engineers.
      - Equipment Based Managed Services
        Delivering the latest products, software, and equipment
      - Data Centers
        Enterprise-class data centers at your fingertips
      - UCaaS
  - Consulting
    - - vCISO
        Thrive vCISO experts design, develop, and maintain a customized Information Security Program to complement your business strategy and risk tolerance
      - vCIO
        A personal liaison providing technology strategy, leadership, and insight to meet any business needs
      - Compliance & Regulatory
        Expert-led services that help businesses manage risk and protect data
      - Assessments
        Cybersecurity Risk and other assessments to keep your organization in the know
Industries
About

Breaking News: Microsoft Azure Outage Wipes Out Teams, 365, and Outlook – Caused by Network Issues

We spoke with Chip Gibbons, CISO at managed services firm Thrive, to discover mitigation plans post-outage. Here are the highlights:

Planning is imperative for companies of all sizes – Many businesses can leverage a comprehensive data backup and recovery plan with relative ease. Larger organizations might require more details to be addressed, specifically how systems are to be recovered, as well as applications and working conditions. However, certain aspects of data recovery always need to be addressed, such as understanding how a backup system works, who is in charge of it, what the responsible recovery point objective (RPO) is, and the amount of data you need to back up. This can dramatically reduce the time it takes to get back in business following a disaster to help you meet your specified recovery time objective (RTO).
Routine testing of DR strategies – Testing is a must, but it can interfere with your business operations and potentially even cut into productivity. Whenever systems are tested, IT teams will be bound to find something wrong with the DR strategy and would have to adapt it over time as you address these issues. If these issues are appropriately addressed during the testing phase, organizations will have a better chance when they need to truly utilize a DR strategy.
Remember that IT infrastructure is governed by people – So a DR strategy must take human behavior into account. For example, if a company’s location is compromised by a disaster, organizations need to check if they can get employees to access the data they need to effectively do their jobs.

The age old battle between social engineering and banking

Chip Gibbons, CISO at Thrive, sits down with Dave to talk about how to defend against social engineering attacks in banking. Dave starts us off this week with a story about Amazon opening up its selling market to Pakistani residents, and what consequences that led to for the organization’s business. Joe’s story follows a scam targeting soldiers in the Army. The Army warns against unknown individuals purporting to be noncommissioned officers that are calling said soldiers and asking them for money to fix a “pay problem” and, if questioned, threatening them with a punishment. Our catch of the day comes from listener Manie who writes in about a scam found when trying to download a HDRI (High Dynamic Range Image). The scam involves a fake ad asking for people’s cell phone numbers as soon as they click on a button that reads “download here”. Manie shares how after she clicked the ad, she realized the mistake and immediately researched more before proceeding further.

Thrive CTO: Zero-Trust Baseline Is Asset Management

As zero-trust security gains traction, Thrive CTO Michael Gray underlined the importance of implementing multi-factor authentication (MFA) as one of the key zero-trust principles for CISOs and recommends starting the journey with asset identification and management.

When CISOs are doomed to fail, and how to improve your chances of success

Another priority should be understanding to whom the CISO reports: the CEO, the CFO, the CTO, or even the legal department. “[This] tells you a little bit about what they expect you to do,” says Chip Gibbons, CISO at Thrive.