Why Cyber Essentials Matters

Cyber Essentials is a government-backed scheme designed to help organisations safeguard sensitive information by implementing baseline security measures. Achieving a CE certification demonstrates to customers, stakeholders, and partners that your organisation is committed to cybersecurity best practices. It also provides an additional benefit—organisations with this certification may qualify for certain types of cyber insurance coverage.

Thrive: A Trusted Partner for CE and CE+ Compliance

Thrive is uniquely positioned to help SMBs navigate IASME’s compliance process, offering tailored services for both CE and CE+ certifications. Thrive’s role as a certification body ensures your path to compliance is smooth, efficient, and aligned with your business objectives.

Elevating Compliance with Cyber Essentials

For organisations looking to enhance their cybersecurity credentials with a Cyber Essentials (CE) certification, Thrive provides Readiness Assessments to help prepare for both CE and CE+ certifications, which include:

• Gap Analysis Report: Identifying areas of non-compliance with CE and CE+ requirements.
• Roadmap to Compliance: Detailed steps to address identified gaps and align with the certification standards.

Getting Started with Cyber Essentials

The first step toward compliance is obtaining the Cyber Essentials certification. This process involves completing a self-certified questionnaire, which is submitted online to the IASME portal. Thrive’s experts are available to support organisations in understanding and accurately completing this essential step.

Upon successful submission of the questionnaire, Thrive will assess whether the answers meet the requirements and issue the CE certification, confirming your organisation meets the baseline requirements for cybersecurity.

Once the Cyber Essentials certification is complete, Thrive will guide organisations through the CE+ certification process.

The CE+ Audit

Achieving CE+ certification involves a hands-on technical assessment of your systems. A Thrive-certified CE+ assessor will conduct a comprehensive audit of all in-scope systems, including:

• Representative User Devices: Ensuring secure configuration and malware protection meet requirements.
• Firewalls: Ensuring that only secure and necessary network services can be accessed from the internet.
• Security Update Management: Ensuring that devices and software are not vulnerable to known security issues

This rigorous evaluation ensures that your organisation’s cybersecurity measures are not only compliant but also resilient against commodity-based threats.

Choose Thrive for Your Cyber Essentials Journey

Thrive’s expertise as a certification body goes beyond issuing certificates. Our end-to-end support enables SMBs in the UK to confidently achieve compliance while strengthening their overall security posture. Key benefits include:

• Expert Guidance: Thrive’s team of cybersecurity professionals simplifies the certification process.
• Customisable Support: From self-assessments to readiness assessments and audits, Thrive tailors services to your unique needs.

Take the Next Step Toward Compliance

Cyber Essentials and Cyber Essentials Plus certifications are crucial milestones for any UK-based SMB aiming to improve cybersecurity. Thrive’s comprehensive approach ensures your organisation is not only compliant but also equipped to face future challenges.

Contact Thrive today to achieve CE and CE+ compliance, enhance your cybersecurity posture, and protect your business against the ever-evolving threat landscape.

The post How to Achieve Cyber Essentials Compliance with Thrive appeared first on Thrive.

This is a significant step in addressing the rapidly growing number of relentless attacks that devastate our health services, government departments, educational and democratic institutions, and even smaller local authorities. Yet, the urgency of the situation is clear, as we have increasing evidence of the fragility of the UK’s cyber infrastructure – and the aggressive threats the country is facing.

What will this bill do?

The crucial updates made to the existing framework will expand its remit, protecting more UK digital services and supply chains. Regulators will also reportedly be put on a ‘strong footing’ to guarantee the implementation of safety measures, including cost recovery mechanisms and additional powers that facilitate vulnerability investigation.

This legislation is a beacon of hope, as it mandates increased incident reporting to give government teams more accurate data on cyber threats. This includes where a business has been a ransom victim, improving their understanding of current threats and highlighting potential further ones by widening the net regarding the nature of incidents that entities are to report.

This bill will extend UK-wide and is fully endorsed by the NCSC. Its CEO, Felicity Oswald, warned that the UK’s essential service providers cannot afford to ignore these threats.

Why the new legislation?

Two government reviews found that the original frameworks had a positive impact, but progress needed to be made faster to keep up with the rapidly evolving threats to the nation. Over 50% of essential service operators have updated their processes and policies since the creation of the cyber regulations in 2018, hardly enough to match the required pace.

In June, cybercriminals struck the NHS, postponing critical appointments and procedures at some of London’s most significant hospitals, such as Guy’s, St Thomas’, and King’s College. Last year, we saw Sefton, a village in Merseyside, fight off 30,000 cyber-attacks on its council infrastructure per month, with the BBC reporting last month that councils remain at the mercy of criminal hackers. These attacks are not just statistics, they are real and they are affecting businesses and services that we rely on.

This reform is well-needed, with countless examples of attacks like these affecting millions of Brits. However, despite these recent changes, businesses remain fragile throughout the country.

New vulnerabilities

In 2023, the UK led the list of global data breaches. The country was shaken by the largest cyberattack in 2023, as cyber protection firm DarkBeam failed to protect 3.8 billion records. The leak was uncovered by the CEO of SecurityDiscovery, Bob Diachenko, who informed the company of its leak. They promptly addressed and fixed the leak. According to Diachenko, this type of data leak is usually caused by human error, such as forgetting to encrypt data following maintenance.

We also have witnessed a spike in attacks on a new sector: the construction industry. A new report by risk advisory firm Kroll has indicated that cyber-attacks on construction companies doubled in the first quarter of 2024 compared to last year. Kroll advised this increase was most probably down to the ‘sophistication of business email compromise for either financial gain or as a pivot into downstream attacks.’

The company confirmed that the construction sector had seen steady growth in email compromise from 2023 to 2024. According to Construction News5, on-the-go work culture is the culprit behind doubling the frequency of these attacks. Kroll warned: ‘An employee may be more likely to fall for a phishing lure if they are receiving the email on the road, making them potentially less vigilant about the signs of fraud.’

SMS and voice-based tactics have been reported, which raises concern surrounding the potential use of deep fakes and other AIs to further streamline phishing attacks. An insider threat case examined by Kroll earlier this year saw an employee impersonated, a method AI could efficiently utilise.

Arup, a British multinational firm headquartered in London providing services across the building sector, confirmed in May of this year that it was the victim of a £20 million deep fake fraud attack after an employee was manipulated into sending over the sum via an AI- generated video call. The attackers posed as ‘senior officers of the company’ to dupe their way to the money. Arup’s global CIO, Rob Greig, stated that the company had been the victim of a barrage of attacks, increasing both in potency and frequency, in the months leading up to the large-scale attack.

Greig’s quote to Building.co.uk illustrates the ordeal: ‘This is an industry, business, and social issue, and I hope our experience can help raise awareness of the increasing sophistication and evolving techniques of bad actors.’

Police in Hong Kong, where the attack occurred, have made no arrests thus far, and the cyber-criminals are still at large.

As a chilling final example, officials have confirmed that the British critical national infrastructure (CNI) ‘could be left dangerously exposed’ if managers do not appropriately address the increasing cyber-attack threat caused by tension between Britain, China, Russia and Iran.

How fragile is the UK’s critical national infrastructure?

The BBC reported a ‘hack’ in May of this year, resulting in a ‘significant data breach’ of payroll data from the MoD. The then Defence Secretary, Grant Shapps, warned that state involvement could not be ruled out. In the days and hours following, at least two additional cyber-attacks hit the Scottish NHS and the UK Border Force.

NHS Dumfries and Galloway revealed that children’s mental health data had been published, and Border Force e-passport gates ceased to work at Britain’s major airports. Considering simmering tensions with other states and escalating wars in Ukraine and Palestine, infrastructure providers are left concerned about potential future attacks.

The lines between political interference and targeted cyber attacks are starting to blur. Considering this, coupled with more and more sectors finding themselves the new victim in the crosshairs of increasingly sophisticated and ruthless attacks, do not let your company be next.

If you are targeted by a bad actor, do you have a well-rehearsed incident response plan in place? Contact Thrive to learn how we can help fortify your digital approach and keep you and your team safe from an ever-evolving threat landscape. We specialise in helping medium sized businesses fortify their critical cyber infrastructure.

The post Digital Divide: UK’s Cyber Security Stronger, but Are Businesses Still Fragile? appeared first on Thrive.

Microsoft tested company resilience with members of Goldsmiths University London using a model created by Chris Brauer (Director of Innovation at its Institute of Management Studies). The study revealed that 48% of UK businesses are vulnerable to attacks.

The report also shows that the UK is currently in a position to be the global leader in cybersecurity. Still, it’s missing out on a £52 billion dividend by not using these tactics, cutting the annual cost of cyber-attacks from £87 billion a year.

Paul Kelly, the director of Microsoft UK’s security business group, highlights AI’s potential to bolster cybersecurity. He states, “AI has the power not only to enhance the security of your business and data but also to significantly mitigate the impact of a cyber-attack on your bottom line.” This potential of AI to strengthen security should instil a sense of confidence in UK businesses.

As reported by the NCSC, the main risks with AI are likely to be from two types of attacks. The first is prompt injection attacks, one of the most widely reported weaknesses in large language models (LLMs).

The attack occurs through fabricated instructions inserted by a cyber attacker designed to make the AI model behave unintendedly. This includes revealing confidential information, generating offensive content, or triggering unethical actions in a system that accepts unchecked input.

The second attack the NCSC warns of is a data poisoning attack, which occurs when a criminal tampers with the training data of an AI model to carry out an attack – affecting security and bias.

As LLMs become increasingly familiar with passing data to third-party applications and services, the risks from these attacks will grow, requiring an appropriate response. So, what response does the NCSC recommend?

The Guidelines for Secure AI System Development, published by the NCSC and developed with the US’s Cybersecurity and Infrastructure Security Agency (CISA) and agencies across 17 other nations, advise on how medium-sized businesses can manage AI in a way that ensures everyone reaps its benefits and doesn’t fall victim to its many dangers. Executives must understand the potential impact on their organisation if an AI system’s security is breached, affecting its reliability, accessibility, or data privacy.

Businesses must have a well-prepared response strategy in place for potential cyber incidents. Ensuring compliance with relevant laws and industry standards when managing AI-related data is essential. Three key questions to consider regarding your organisation’s AI safety are:

• How would you respond to a severe security incident involving an AI tool?
• Is everyone involved in AI deployment (including senior executives and board members) familiar enough with AI systems to assess the potential dangers? This understanding is beneficial and crucial in the current cybersecurity landscape. What’s the worst-case scenario (regarding reputation and operations) if an AI tool in your company encounters an issue?

Until recently, most cybercriminals needed to carry out attacks themselves, but rapidly evolving access to generative AI enables automatic attack research and execution. This presents a new and growing threat to your business.

One of its primary capabilities is ‘data scraping’ when information from public sources (social media and company websites) is collected and analysed. This approach dangerously invents hyper-personalised, timely and relevant messages that form the basis of phishing attacks and any attack that employs social engineering techniques.

Another notable trait of AI algorithms is that they gather intel and adapt in real time. This has positive outcomes, such as providing more precise information for corporate users. But it’s also a double-edged sword, as it aids cybercriminals enormously in refining the efficacy of their techniques to avoid detection and steal as much data as possible.

AI can swiftly pinpoint high-value individuals within an organisation. These could include members with access to sensitive staff or client data, limited technological expertise, broad or unrestricted system access, or valuable relationships that could be exploited to reach other critical targets.

The latter is expected, with AI-driven social engineering attacks leveraging AI algorithms to manipulate human behaviour to obtain sensitive data, money or high-value items or access to a system, database, or device. These attacks can be highly sophisticated, using AI to develop a persona to communicate effectively with a target in realistic and plausible situations that would leverage contacts, complete with false audio or video, to engage them.

Since two-thirds of security leaders expect offensive AI to be the norm for cyberattacks within a year, let’s look at some examples from close to home.

The British government has declared its intention to fund AI safety research with £8.5m to tackle online threats, including deepfakes. The declaration prompted a dire warning from the NCSC in January 2024, noting that malicious AI will “almost certainly” lead to increased cyber-attack volume and impact over the next two years, particularly those featuring ransomware. 30% of security professionals surveyed in the compliance specialist ISMS’s new research claimed to have experienced a deepfake-related incident in the past year.

Protect your business from evolving AI-driven cyber threats with Thrive’s cutting-edge security solutions. Our expert team, equipped with cutting-edge technology, is experienced in working alongside companies to safeguard data, ensure compliance and keep you ahead of the curve. Don’t wait for an attack to expose vulnerabilities – let’s fortify your defences. Download our AI policy template to get started today.

The post UK’s AI Ambitions: A Double-Edged Sword? appeared first on Thrive.

While criminal hackers and financially motivated cybercrime groups have long plagued companies from known sources, a new and even more alarming threat has emerged: state-sponsored hacking operations backed by the Chinese government.

Recent developments have shed light on the sophisticated and persistent efforts by Chinese hackers to compromise systems, steal data, and even interfere with democratic processes across the UK and its allies. No business is immune, no matter its size or sector, so in this article, we’ll explain how you can protect your business from this imminent threat.

Investigated by the NCSC

In March 2024, the UK government took the bold step of publicly calling out China for two major cyber campaigns targeting British democratic institutions and Members of Parliament. As revealed by the National Cyber Security Centre (NCSC), a Chinese state-affiliated group gained widespread access to the systems of the Electoral Commission between 2021-2022, potentially exposing data on a whopping 40 million Britons on the electoral register. In a separate campaign in 2021, the same Chinese hacking group carried out reconnaissance against British members of parliament, particularly those outspokenly critical of Chinese government policies.

These were by no means isolated cases but rather represent, according to the Foreign Office, a “part of a large-scale espionage campaign” by China. These revelations were supported by allies like the United States, who announced criminal charges against Chinese hackers and partners across Europe and the Indo-Pacific, condemning Beijing’s malicious cyber activity.

Newly discovered malware

One particularly sly tactic Chinese threat groups use is exploiting the trusted relationships and supply chains of the targeted organisations. Crowdstrike’s Global Threat Report assessed that Chinese threat actors known as “Jackpot Panda” and “Cascade Panda” “consistently exploited trusted relationships through supply chain compromises and actor-on-the-side or actor-in-the-middle attacks.” These groups can quickly gain clandestine access and deploy malware inside a victim’s network by hijacking software updates or compromising close third-party vendors.

For example, Jackpot Panda was found to have “trojanised” installers for legitimate Chinese software to deploy their malware. Similarly, Cascade Panda intercepted update traffic from commonly used software utilities to install its WinDealer remote access tool on systems belonging to Chinese-speaking targets. Even little-known groups potentially linked to Beijing pulled off supply chain attacks, such as compromising an Indian (among other) critical infrastructures with a cybersecurity vendor, I-Soon, distributing malware via its software updates across multiple sectors, affecting users across the globe.

Three ways your company could find itself in the firing line

While the Chinese government’s motivations may usually be centred on gathering intelligence (mainly for monitoring dissidents), UK companies could easily get caught in the crosshairs. Firstly, they represent a treasure trove of intellectual property, research, customer data, and other sensitive information crucial to Beijing’s strategic interests and economic leverage. The Chinese military policy of “civil-military fusion” blurs any remaining lines between the private sector and state assets.

Secondly, British firms are deeply embedded in the same supply chains, software ecosystems, and trusted vendor relationships, actively being exploited as vectors for initial access by Chinese hackers. After all, a company’s cybersecurity posture is only as strong as its weakest link in such an interconnected business environment. Threat actors have demonstrated a keen ability to methodically map out these interdependencies and pounce when the opportunity presents itself.

Finally, UK businesses like yours should be prepared for the potential collateral damage and interruptions caused by Chinese cyber operations, even when not directly targeted against them. The data thieves’ campaigns highlighted above directly interfered with the IT systems of government bodies responsible for administering elections and democratic processes in Britain. So, any company’s operations could halt if its technologies or data flow intersects with compromised systems.

How can you shield your business?

In the face of this daunting threat from a competent nation-state adversary, mid-size UK businesses must boost their cyber defences and resilience. A proactive, comprehensive cybersecurity strategy centred around advanced threat detection capabilities is essential. Implementing strong access controls such as multiple-factor authentication, tight identity management, encryption, and vetting the cybersecurity practices of third-party vendors can all reduce risk exposure.

However, even the most robust technical controls have limits against skilled, determined, and infinitely meticulous nation-state attackers like China’s hacker groups. Businesses require professional cybersecurity monitoring services, threat-hunting experts, and incident response capabilities to identify and neutralise intrusion attempts quickly. For this reason, continuous security awareness training to educate employees on the latest tactics, like supply chain compromises, is also critical.

Take protective steps now

As the UK government has demonstrated with its recent actions, exposing and holding malicious Chinese cyber criminals accountable is a priority for preserving our national security and democratic values. Businesses must follow suit and implement comprehensive defences against this looming threat. Unfortunately, failing to do so risks surrendering your organisation’s most valuable data, suffering crippling interruptions, or unwittingly aiding and abetting Beijing’s authoritarian projects. Now is the time to get ahead of those jeopardising UK companies – before a rocky cyber stance becomes a devastating crisis for your company.

Don’t hesitate to contact Thrive today to learn more about nation-state threat detection and mitigation strategies tailored to mid-market UK businesses. Protecting your organisation from state-backed cyber campaigns demands the vigilance and expertise that our experienced team can provide you with every step of the way.

The post Caught in China’s Cyber Crosshairs: How Your Business Might Be Exposed appeared first on Thrive.

Zeus Capital, a Manchester-based investment banking firm, sought to strengthen its information security measures amid a shift towards technology integration. This case study outlines how Thrive, a trusted security partner, assisted Zeus with cost-effective cyber security assessment-tailored solutions.

Zeus faced the challenge of managing its information security with a limited internal IT team. With the company’s expansion and increasing reliance on technology, Zeus sought a solution that would provide a comprehensive assessment within budget and adhere to specific requirements. However, it needed more expertise and resources to do so internally. In the wake of significant changes, Zeus prioritised aligning its cybersecurity practices with financial services industry standards.

Why Thrive Was Chosen

Recognising the need for a trusted partner, Zeus selected Thrive based on their extensive expertise in the investment sector and proven strategic consulting capabilities. Unlike competitors pushing unnecessary services, Thrive’s commitment to understanding Zeus’s needs and fostering a long-term partnership resonated with the company’s objectives. Thrive developed a customised cybersecurity framework for Zeus, aligning it with their unique business model and risk appetite. Thrive’s receptive approach, thorough understanding of Zeus’s objectives, transparent methodology, and breadth of capabilities to further support Zeus on their cyber initiatives set them apart.

Strategic Deployment of Advanced Security Measures

As an FCA-regulated investment bank, Zeus wanted an independent third-party evaluation relating to cybersecurity to demonstrate their commitment to secure digital operations. Thrive conducted a Cybersecurity Risk Assessment for Zeus, evaluating its security policies, processes, and controls against the globally recognised CIS framework. This assessment provided Zeus with a clear understanding of its security posture and identified areas for improvement. Thrive then conducted an autonomous penetration test, a simulated cyber attack on Zeus’s systems, to identify potential security gaps and take proactive measures to address them. With this knowledge, Zeus remediated its weaknesses, presenting a robust security strategy to its board.

Thrive’s Impact

Thrive’s impact on Zeus has been transformative, affirming the effectiveness of its pre-existing security measures while identifying areas for improvement. After a thorough Cybersecurity Risk Assessment and subsequent penetration test, Thrive provided Zeus with a clear understanding of its security posture and actionable insights to mitigate risks. This reassured Zeus’s board about regulatory compliance, ensuring the company meets all necessary security standards. Additionally, Thrive’s services have enhanced staff awareness about cybersecurity, equipping them with the knowledge and skills to identify and respond to potential threats. Thrive’s expertise, collaborative approach, and commitment to ongoing support have enabled Zeus to enhance its security posture effectively and safeguard its business and staff from potential threats.

“Thrive’s approach was not just about ticking boxes; it was about truly understanding our security posture and helping us navigate the complexities of cybersecurity in our industry. Their partnership has been instrumental in affirming our security foundations and identifying areas for improvement,” ~ David Boulton, Head of IT at Zeus

About Thrive

Thrive delivers global technology outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at www.thrivenextgen.com or follow us on LinkedIn.

The post Thrive Fortifies Zeus Capital’s Secure Expansion in the UK Financial Services Sector appeared first on Thrive.

However, this problem is a familiar one. Back in 2020, the first death by ransomware was ruled in Düsseldorf. An attack paralysed the hospital’s systems to the extent that it was forced to pause all admissions to its A&E department. This resulted in hospital staff frantically diverting inpatients to a city 19 miles away, proving fatal for one woman. Then, in August 2022, the UK’s NHS 111 service was taken offline by a severe cyberattack, also through its supply chain, via its service provider, Advanced, which meant that 40 million people were denied access.

This illustrates the gravity of ransomware attacks on the healthcare sector. In this blog, we will delve deeper into recent trends so your company can maintain agility in the face of ever-evolving and ruthless attacks.

Complex supply chain

Britain’s NHS delivers care to 68 million people and is one of the world’s largest employers, providing work to 1.7 million people. Still, it is behind only the US and Chinese military, Walmart, and McDonald’s. Despite its vast size, it was successfully breached earlier this month and continues to suffer significant disruptions, such as six entire NHS trusts. Many GP practices are spread across southeast London, serving 2 million Brits. This is due to a breach in Synnovis, a private firm that the NHS uses to examine blood tests.

A senior NHS source warned that it would take “many months” to resolve and that it is not yet clear “how the hackers gained access to the system, how many records have been affected and whether these records are retrievable.” As a result, even an entity with the enormous infrastructure of the NHS has been forced to dust off a paper records system, where patients’ information is printed and blood samples hand-delivered by porters.

Already in 2022, the NHS suffered a severe ransomware attack caused by a violation of its Adastra software, which was operated by a third party. Was this a test of the NHS supply chain? This ransomware attack not only caused financial disruption but also distress to patients in the care homes whose data was sold.

Attacks continue. Earlier this year, in March 2024, NHS Dumfries & Galloway was hit by an attack that caused widespread distress and the release of confidential patient data. The implications and investigations of this attack are ongoing, and public concern continues.

Why is the UK healthcare sector so vulnerable?

Martin Lee, Cisco’s UK-based security research lead, warns: “When healthcare systems and data are unavailable, lives are potentially at risk. This makes the sector a tempting target for criminals. Outages put pressure on management to pay off the attackers to restore availability quickly. However, paying the ransom means that these attacks remain profitable and ultimately only serve to encourage further attacks.”

According to a report by Cisco’s Talos threat intelligence division, healthcare providers were the most targeted by ransomware gangs last year. The report attributed this to these organisations having “underfunded budgets for cybersecurity and low downtime tolerance.”

The figures back this up, as this marks the third time that Synlab and Synnovis have been attacked, affecting pathology services across Europe. For example, in June 2023, the ransomware gang Clop breached the French branch and stole data, while earlier this year, Synlab’s Italian subsidiary was hit by a separate ransomware group, Black Basta. The group gained access to around 1.5TB of data and published it in its entirety when no final ransom was paid.

A similar attack was the one on the Finnish mental health giant Vastaamo in 2020, where a copy of all data on the system was sent to the attacker. This included names, addresses, and notes from the therapist on each private session. The work therapists do in dealing with people’s deepest fears and secrets is naturally a very sensitive one, and this attack was devastating for the mental health of its victims. Vastaamo has now ceased trading.

Concerns over the potential escalation of these attacks had been raised in Parliament in 2023, as the increasing use of digital healthcare in the UK means that more critical equipment and systems are connected to the internet, making them a potential target for cybercriminals. However, in a post-COVID world, the use of telemedicine is increasing. In 2023, the NHS began circulating information on ‘Connected Medical Devices’ cyber vulnerabilities to its staff. In February 2024, the World Economic Forum went so far as to name the Healthcare sector as the biggest target for cybercrime due to the critical data it holds and the online devices controlling people’s lives.

How has unpreparedness for attacks recently affected the healthcare sector?

The desperate need to get back online is one of the reasons why 38% of healthcare organisations are reported to have paid a ransomware fee. A 2022 survey of 100 cybersecurity managers in the UK health sector found that 81% of healthcare organisations in the UK had been hit by ransomware in the previous year. Whilst 38% paid the ransom to regain their files, 44% refused to pay and lost their healthcare data. Close to two-thirds (64%) of respondents admitted their organisation had to cancel in-person appointments because of a cyber-attack.

Even unexpected sources can be vulnerable in the healthcare sector. The London Borough of Camden recently warned of a risk to personal data after one of their suppliers of beds, hoists, and grab rails was attacked. Computers attached to MRI machines, CT scanners, blood pressure and heart-rate monitors are vulnerable and provide back doors into connected systems.

How can you protect your business?

These numerous and ruthless attacks serve as another reminder to have the measures in place to prevent you from being caught off guard. The NHS experience illustrates how even large, well-resourced providers can be vulnerable to prolonged disruptions if proper security measures are not in place. The UK government has committed to a series of measures to support healthcare providers by 2030. Still, in the meantime, businesses in the supply chain must take appropriate measures to keep defences high.

At Thrive, we specialise in providing industry-leading cybersecurity solutions tailored to you and your staff’s needs. Our team of experts can work closely with your organisation to identify vulnerabilities, implement robust safeguards, develop incident response plans, and ensure you have the defences to maintain operational resilience in the face of ransomware and other malicious attacks.

Don’t leave your systems, data, and, most importantly, your patients at risk. Contact Thrive today to learn how we can fortify your company and give you the peace of mind to continue delivering essential services without disruption. Protect your operations, reputation, and ability to contribute to life-saving care with Thrive as your trusted cybersecurity partner.

The post Guarding Britain’s Health: Strengthening Cybersecurity in the UK Healthcare Sector appeared first on Thrive.

The Digital Operational Resilience Act (DORA) was enacted on January 16, 2023, and will be enforced starting January 17, 2025.

DORA aims to ensure the IT resilience and security of any financial entity (FE) in Europe and their ICT providers, including banks, crypto, insurance, and investment firms, even during severe operational impacts like denial of service (DDoS) cyber-attacks and ransomware. Thrive can assist in the key areas that support compliance with DORA.

Third-Party Risk Management:

For DORA, this is the most significant and underestimated work for firms with the usual resilience. DORA mandates the analysis, contractual documentation, and management of third-party risks. Thrive enhances security by ensuring essential third-party providers are evaluated, documented, approved, monitored, and managed.

Oversight of Critical Third-Party Providers:

DORA requires an oversight framework for critical third-party providers. Thrive enhances transparency and accountability within this ecosystem, ensuring essential services remain accessible under challenging circumstances.

Incident Response and Reporting:

Thrive facilitates comprehensive incident response processes, enabling IT teams to troubleshoot devices promptly, diagnose issues, mitigate and remediate systems, apply patches, and recover systems. This also helps to ensure timely reporting and resolution of operational disruptions.

Testing and Resilience Assessment:

Thrive supports complete digital operational resilience testing or disaster recovery and business continuity in existing terms. Testing these plans helps institutions evaluate the effectiveness of alternative processes and seamlessly switch to secondary methods during disruptions.

Audit Trails and Logs:

Thrive generates detailed audit trails and logs of user activities, assisting organisations in demonstrating compliance with DORA’s requirements. This will also facilitate information sharing around threats seen or experienced, particularly zero-day attacks.

Responsibility and Accountability (i.e. Governance):

DORA establishes clear responsibility for operational resilience at the highest levels of a firm, including the Board and senior executives (CxOs). They play a crucial role in implementing DORA’s essential components.

Critical Plans (i.e. Risk Management Framework):

Board members and senior executives will need to approve critical plans related to operational resilience. These plans include the firm’s digital operational resilience strategy and its policy regarding ICT Third Parties (TPs). DORA is acknowledged as best suited to ISO 27001 – more on this in part 3 of this blog series.

Daily Operations:

Senior leaders are also responsible for making decisions integrating DORA’s requirements into the firm’s day-to-day operations. This involves setting risk tolerance levels and prioritising actions to address identified operational vulnerabilities.

In simpler terms, DORA ensures that financial institutions and technology partners are well-prepared to effectively handle disruptions and cyber risks. It’s all about making sure our FEs stay strong and resilient!

Part 2 of this blog series will examine the EU’s process to get to where we are from the initial 2023 effective date. The EU set up numerous European consultations with FEs and conducted dry runs with well-known participants, particularly on the third-party risk management process and expectations. Feedback is contained in many fascinating spreadsheet entries. Many lessons have been learnt and challenges raised, where the EU believes that requirements are reasonable, but the industry may have alternative views.

Responses to public consultations on DORA 1st batch.xlsx (live.com)

In conclusion, Thrive is crucial in bolstering our client’s operational resilience through our own operationally resilient platform and business, reducing dependency on single systems, teams, or procedures, and enhancing risk management in the financial sector in alignment with DORA’s objectives.

Graphic Source: https://kpmg.com/lu/en/blogs/home/posts/2023/04/dora-regulation-all-your-questions-answered.html

The post Strengthening Financial IT Resilience: Navigating DORA Compliance with Thrive (Part 1) appeared first on Thrive.

Not just compromised data

Clarion Housing Association – the country’s largest with over 125,000 homes – was struck by a major cyber-attack that crippled both its IT systems and phone lines. While the full extent of the breach remains unknown, Clarion warned tenants that their data may have been compromised. The incident follows similar attacks in recent years on housing providers like Bromford and Connexus (the latter needs to be clarified about the amount of tenant data stolen) and local councils that manage public housing.

The effects of these cyber incidents are severe and widespread. For tenants, they put their private information – such as financial records and contact details – at risk of being exposed or held for ransom by criminals. Housing services can halt, making reporting maintenance issues or making rent payments impossible. At best, this poses a significant inconvenience for tenants, landlords and organisations alike. Or, at worst, a threat to housing security for some of the UK’s most vulnerable people in society, such as the elderly, disabled and low-income population.

Not hours… but days or even weeks for recovery

Successful breaches lead to costly downtimes, lengthy reparation procedures, potential ransom payments, penalties from bodies such as the ICO for failure to protect citizens’ data, and highly long-lasting reputational damage. For example, the Bromford attack took days to recover, while a council in South West England is still working to fully restore its systems two years later, having shelled out hundreds of thousands of pounds. Many entities cannot afford these major financial blows and operational disruptions, especially during the current cost of living crisis.

So, why are housing associations such an attractive target for cybercriminals? And what can be done to better shield the sector against escalating threats?

The vulnerabilities of businesses holding sensitive data

A key factor making housing associations a lucrative target is their heavy digital footprint and the sheer volume of sensitive data they hold online. As organisations embrace the digital world to provide modern online services and store data effortlessly, they exponentially increase the potential attack vectors that cybercriminals can exploit. More smart home and office technology, online customer portals, and web-connected devices mean more endpoints to be secured. Moreover, criminals also perceive housing associations as having weaker cyber defences than other sectors. Budgetary constraints often prevent robust investments in cyber security measures and IT teams. The survey from RSM UK found a shocking 75% of housing associations felt underprepared to deal with ransomware attacks.

The data itself is also precious on the dark web. Housing records contain a treasure trove of personal information on tenants, including contact details, financial data, and home addresses, that can be used for follow-on phishing, fraud, and even physical home break-ins. Analysts estimate cybercrime costs the British economy £27 billion annually, providing ample incentive for criminals to target housing associations.

Deliver the reassurance that tenants crave

While facing this escalating risk, housing associations must take proactive steps to prioritise cyber security and safeguard their systems, data, operations and customers. This goes beyond achieving minimum compliance standards to adopt a comprehensive, vigilant security stance.

Crucial capabilities include steadfast threat monitoring and vulnerability scanning to identify and patch security gaps before cybercriminals can exploit them. 24/7 security operations centre (SOC) services can provide cost-effective, round-the-clock monitoring that most housing associations lack in-house and the reassurance tenants crave. Penetration testing is also vital, potentially using certified ethical hackers to probe for vulnerabilities from an attacker’s perspective. Combining this offensive approach with defensive meticulous cyber hygiene like software updates, multi-factor authentication, and data encryption makes it infinitely more complex for real-world criminals to carry out a breach successfully.

Regular security awareness training must also be provided to educate employees on evolving threat vectors like phishing, which remains the most common initial attack vector: human error and a lack of cyber awareness among staff open doors for cybercriminals to explore.

Another major weakness is third-party vendors and supply chains, which criminals often use as indirect attack routes to targets. Housing associations must implement strict vetting processes and security requirements for all suppliers and partners.

Predefined and practised working protocols

Housing associations must have comprehensive incident response and disaster recovery plans ahead of time. When attacks inevitably occur, having predefined protocols regarding containment, recovery, and communication is critical to minimising damages and restoring operations as quickly as possible. Too many housing associations have learned the hard way through devastating cyberattacks in recent years. However, by treating cybersecurity as an essential business imperative rather than an afterthought, these organisations can avoid escalating threats and better secure their systems, data, staff, and tenants. With dwindling budgets available during the current cost crunch, providers need partners that deeply understand their challenges and can strategically align services to their priorities.

No organisation is immune to cyber threats in today’s hyper-connected world. But, through concrete investments and strategic partnerships, housing associations can dramatically improve their cyber resilience and focus on their core missions of providing safe, reliable homes and services to all who need them.

At Thrive, we specialise in delivering tailored cybersecurity solutions designed for housing associations’ unique challenges.

The need for action is clear.

Don’t allow your housing association to become another cybercrime statistic. Contact Thrive today so we can work alongside you to comprehensively safeguard your systems, data, team, and tenant community with cutting-edge cybersecurity services. Using our CIS-aligned frameworks we allow you to provide your services with inbuilt peace of mind.

The post Unexpected Cyber Threats Put Housing Associations and Tenants at Risk appeared first on Thrive.

What does the NCSC have to say?

In its January 2024 assessment, the NCSC stated that AI will almost certainly impact cyber-attacks, and here’s how. The organisation shows that, in the near term, AI will mainly provide malicious actors with the capability to scale up their social engineering tactics, communicating directly with victims to manipulate them into handing over details or funds. This includes creating “lure documents” without the grammatical translation faults that often ring alarm bells in the victim. They also state this will likely increase over the next two years as models become popular.

AI’s capacity for rapid data summation will also enable cybercriminals to identify businesses’ high-yield assets, which will likely enhance the impact of their crimes. According to this report, hackers (including ransomware) have already been using AI to increase the efficiency and impact of their attacks. Attackers can go deeper into networks with the help of AI-enhanced lateral movement, assisting with malware and exploit development.

However, for the next 12 months or so, human expertise will continue to be needed in these areas, meaning that any small uptake in this threat will be limited to very skilled hackers. Beyond this, experts envisage that malware will even be AI-generated to circumvent current security filters in place. It’s also very realistic that highly capable State Actors have repositories substantial enough to train an AI model for this.

As we enter 2025, large language models (LLMs) and GenAI will make it extremely difficult for any businessperson, regardless of your cybersecurity understanding, to spot spoofs, phishing, or social engineering attempts. We can already tell from this report that the time between security updates being released and hackers exploiting unpatched software is steadily decreasing. The NCSC warns that these changes will “highly likely intensify UK cyber resilience challenges in the near term for the UK government and the private sector.”

Potentially catastrophic results

Time and again, we see how more sophisticated attacks are storming even Britain’s most protected infrastructures. Just last year, as previously reported, hackers accessed sensitive UK military and defence information and published it on the dark web. Thousands of pages of sensitive details regarding max-security prisons, Clyde submarine base, Porton Down chemical weapons lab, GCHQ listening posts and military site keys were revealed to criminals, gravely compromising critical infrastructure.

In the same period, we saw cyber-criminals strike the NHS, revealing details of more than a million patients across 200 hospitals, including NHS numbers, parts of postcodes, records of primary trauma patients and terror attack victims across the country. The actors responsible are still unknown despite extensive specialist analysis. This is similar to the previous year’s attack, leaving the NHS with a devastating software outage, impairing NHS 111, community hospitals, a dozen mental health trusts, and out-of-hours GP services. This incurred considerable safety risks for the British public,

such as incorrect prescriptions and the inability of mentally unwell patients to be correctly and professionally assessed.

In January this year, the UK government released a policy paper introducing the “AI Safety Institute” concept. This paper mentions AI being misused in sophisticated cyber-attacks, generating misinformation and helping to develop chemical weapons. It also mentions experts being concerned with the possibility of losing control of advanced systems, with potentially “catastrophic and permanent consequences.”

AI development out of control

It also admits that “At present, our ability to develop powerful systems outpaces our ability to make them safe.”, adding to already existing concern for the safety of AI. While it pledges to develop and conduct evaluations on AI systems to minimise existing harms caused by current systems, this still needs to take away from the need to be vigilant regarding this ever-evolving new technology. Another government paper, “Safety and Security Risks of Generative Artificial Intelligence to 2025,”lists the most significant AI risks for 2025 are cyber-attacks (more effective and more substantial scale as previously mentioned, using enhanced phishing and malware); increased digital vulnerabilities as GenAI integrates into the critical infrastructure and brings forth the possibility of corrupting training data or ‘data poisoning’; and erosion of trust in information as GenAI can create hyper-realistic bots and synthetic media or ‘deep fakes.’ The government assesses that by 2026, synthetic media could make up a substantial portion of content online and risks eroding public trust in media outlets and governments. This issue needs to be solved by any means.

How UK businesses are affected

For a business, the uncontrolled development and use of AI systems raise concerns about access security to company systems, data integrity and protection of IP, patents and brand image. Medium-sized SMEs often operate with tighter budgets and leaner IT teams, making it a challenge to invest in comprehensive cyber solutions or know where to start. According to the NCSC, “SMEs are often less resilient to cyber-attacks due to a lack of resources, skills and knowledge.”

Cyber-criminals are wise to this and target businesses of this size with tailored attacks such as AI-enhanced phishing correspondence. In fact, according to the 2024 Sophos Threat Report, over 75% of customer incidents handled were for small businesses. Data collected from SME business protection software indicates that SMEs are targeted (mostly with malware) daily.

Fortunately, hackers’ use of AI is still at an early stage and is bound to become increasingly sophisticated as it continues to develop at its current rapid speed. There is still time to protect you and your business, and the Thrive team is highly experienced in guiding and supporting SME businesses every step of the way. Contact us today.

The post AI-generated Cyber-attacks: A New Emerging Threat appeared first on Thrive.

According to the UK government’s own words, said legislation is likely not to arrive before 2025 (and most certainly won’t go into force until 2026 at the earliest).

Legislative Limbo

The UK government missed what is probably its last chance to update such laws before a general election this year, one year after prematurely declaring that the UK’s cyber laws had been “updated.” The King’s Speech, which marked the official start of Parliament in the United Kingdom in November 2023 and laid out the government’s complete legislative programme for the upcoming session, did not mention these laws being passed.

The NIS Regulations were initially passed in 2018 in response to a European Union directive. They set security standards for providers of critical infrastructure and key digital services and required reporting in the aftermath of disruptive assaults.

Due to the current legislative thresholds, many cyber attacks have yet to be recognised as NIS incidents. These limits are based on the impact of a cybersecurity incident on the delivery of critical services, such as whether an attack interrupted energy output at a power plant or whether a cyber attack stopped a rail company from operating services. Because the current standards need to assess the depth of the attackers’ computer network access or if the culprits have the potential to disrupt any critical services, they risk depriving government authorities of adequate visibility into how targeted their sectors are.

The amended laws will seriously raise the threshold for required reporting, with fines of up to £17 million for noncompliance. Why not get ahead of the game?

The threat of future fines for your business is not the only reason to act. According to the ICO, ransomware attacks in the UK have reached a record high, with 700+ organisations compromised. This directly affects the personal data of over 5.3 million individuals—for context, about the population of Nairobi or Melbourne.

Latest UK Attack Update

Late last year, even the Royal Family’s official website was targeted in a denial-of-service attack claimed by the Russian group Killnet, proving that even the most highly protected websites can be affected. We also saw cyber breaches in the least expected places in the same period. St Augustine Academy, a Maidstone secondary school, saw their pupil and parental data seized and encrypted in September. This left parents uncertain about the safety of their personal information and showed us that similar attacks can occur anywhere. Highgate Wood school was also targeted in the same month – forcing it to close – alongside several schools in Suffolk, Wiltshire and elsewhere in Britain.

The UK’s Department for Science, Innovation & Technology (DSIT) states higher education institutions (HEIs) are “more severely affected” than schools, with 60 per cent of those attacked experiencing financial loss or data compromise – a stark comparison to just 24 per cent of average businesses. 45 per cent report having breached accounts weaponised for illegal purposes, which incurs a much more substantial problem for universities than other large entities. In light of this, according to the chair of UCISA (the member-led professional body for practitioners within education), HEIs are also much better informed and, overall, more aware of the risks than other education sector members.

Unveiling the Dark Reality of Cyber Assaults

These attacks may look superficial but illuminate a genuine and sinister threat. Companies that store our most sensitive data are bombarded with attacks daily, even data as personal as our DNA. On October 6, 2023, 23andMe revealed it had fallen victim to a data breach.

The attack targeted 1 million users with Ashkenazi Jewish heritage, selling phenotype information, personal photographs, links to hundreds of potential relatives, and, most devastatingly, raw data profiles.

The hacking group Golem claimed that among the data were “the wealthiest people in the US and Western Europe,” such as the Royals, Rockefellers, and Rothschilds—a claim that has yet to be confirmed. This delicate data was sold for a meagre sum, often for no more than ten US dollars, depending on the data a buyer purchased. This catastrophic incident has forced DNA companies to employ multi-factor authentication logins as a default.

Closer to home, KNP Logistics, one of Britain’s largest privately-owned logistics companies, declared itself insolvent in September 2023. The culprit? A ransomware attack back in June left 730 redundant employees in its wake. KNP could not secure the urgent investment needed to bounce back, and investor trust was severely eroded due to the compromised financial information and critical operating systems. The firm has been added to the long list of the Akira ransomware gang’s helpless victims, making a public example of the threat that the NCSC describes as “one of the most significant cyber threats facing the UK.”

Crafting a Robust Defence Strategy

Keeping you and your team updated on emerging attacks targeting businesses your size is paramount for protection. These recent attacks and statistics underscore the pressing need for SMEs to have a comprehensive response plan and understand the diverse array of daily attacks threatening businesses.

At Thrive, we have extensive experience working with SMEs to help them raise barriers and protect themselves from the most determined cyber attacks. Get in touch with Thrive now and secure your business’s future today.

The post Safeguarding Your SME Business: Navigating the Rising Tide of Cyber Threats appeared first on Thrive.