© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Mark Instance, Tribeca: “although it never felt like it, providing IT services was certainly easier ten years ago!”


Industries today desperately need new technology. Upgrading old systems can often seem daunting and time-consuming, but failing to do so can have serious consequences.

Sir Clive Woodward, the World Cup Winning Rugby coach, once said “those businesses that win in IT, generally win” highlighting that those companies that see technology as an investment often gain a competitive advantage against their peers. Whether that be due to increased efficiency or solving problems quicker than their competitors, having a robust technology platform within your business is a vital contributor to your success. The support of that technology platform is also another important cog in your company's machine.

Recently, we reached out to Mark Instance, Managing Director at Tribeca – a specialist IT provider for the Alternative Investment community – to discuss current alternative investment issues, find out whether VPN brings enough security in the current geopolitical situation, and much more.

How did Tribeca come about in 2006? What has your journey been like?

I founded Tribeca in 2006 when I was the global head of IT for a financial services firm. I was looking around the market for outsourcing options at the time and was unable to find a provider that offered the tailored service that I was interested in.

Knowing that the IT team I had built within the business was capable of supporting a larger group of end-users – I decided to set up Tribeca to serve clients within the financial services sector.

Can you tell us a little bit about what you do? What problems do your services help solve?

We are a Managed Services Provider to the Alternative Investment sector, providing everything from desktop support services to IT strategy, security and infrastructure services. Many of our clients are small and medium-sized businesses without any internal IT resources.

For others, with internal IT teams, we fill the gaps in their knowledge or provide an extension of their internal teams in certain areas, be that Service Desk services or Security.

What would you consider to be the main issues affecting the alternative investment sector?

Clearly, the last two years have been challenging for all sectors, fortunately, the Alternative Investment sector wasn’t hit as hard by COVID-19 as others, as in the main, they were able to continue working from home throughout the various lockdowns. However, it did mean that firms have accelerated their digital transformation projects to facilitate the new hybrid working models.

As a regulated environment, it’s important to our clients that they maintain the same or better levels of Cyber Security in this new decentralised era of hybrid working – when employees can be working from different locations almost on a daily basis.

The Alternative Investment sector is highly targeted by Cybercriminals, especially SMEs – as they have access to large volumes of capital and the belief appears to be that they might not have the sophisticated business process in place around payments that a large corporate entity might. As a result, we are always working with our clients to advise what more can be done to secure their information assets.

What is it like providing IT services these days? Are there any new challenges you have to adapt to?

Although it never felt like it, it was certainly easier ten years ago! From a security standpoint – the controls available to us have never been greater, but the threats have also increased by many many multiples over that period.

As a Managed service provider with privileged access to our client’s IT systems – we need to ensure we are as secure as possible, as MSPs or service providers are a route into their clients’ networks – as we have seen fairly recently with the Kaseya breach in 2021, when criminals exploited a vulnerability within their software to gain access to thousands of businesses networks, via their Managed Service Providers.

What are your thoughts on IT systems specifically tailored to one’s business? Is it something each organization should invest in or is it only relevant for large enterprises?

Within our business, we use some bespoke software – that has come as a result of us not being able to find a product on the market that does exactly what we need it to. However, this is generally the exception rather than the rule, in 90% of cases we are able to find a product on the market.

The benefit of that is that you get the support from the vendor and you don’t have the overhead of having to continually develop the product yourself, ensuring it meets the latest security standards etc…

Generally, across our client base, we are seeing more and more companies subscribe to SaaS applications rather than hosting services themselves or developing their own products.

What are some of the most serious problems organizations can run into if managed IT solutions are not in place?

To flip the question around – I think the benefit of working with a good Managed Service provider is that clients get the benefit of experiences we see throughout the industry. As an internal IT team, it’s difficult to get that level of experience and exposure, unless you are very active in engaging with peers within the industry. That can lead to not taking advantage of the latest technologies that can drive growth/efficiency within your business.

In your opinion, what kind of cyberthreats are we going to see more of in the next few years?

I think the underlying threats are going to remain the same, however, the sophistication of those threats will continue to increase. Ransomware and Business Email Compromise (BEC) are the two biggest threats that we speak to clients about on a regular basis. Mostly driven by Cyber Criminals trying to hold digital assets to ransom or defraud businesses.

Over the last 3-5 years the sophistication of these types of attacks has increased significantly and we see that continuing – as long as companies pay the ransoms – more criminal gangs will continue to use the same methods.

Added to the threat of cyber criminals is the current geopolitical situation which I think it’s fair to say is probably at its most worrying for some time. Whilst we don’t think that ourselves or our clients would be the target of a Nation-State level attack – its very easy to become part of the collateral damage of such an attack, examples such as WannaCry and NotPetya showed that both large private sector and public sector firms can become embroiled in these situations if they are not careful.

What security measures do you think not only large enterprises but also casual Internet users should implement to tackle these new threats?

There are several security measures that we now recommend as standard to clients that only 5 years ago might have been seen as an “advanced” control.

Multifactor Authentication (MFA) is the first measure that we speak to new clients about. Enabling MFA on all applications that support it and having a process to regularly audit compliance with MFA is vital to ensure the security of your digital assets.

End-User Training is critical to a successful cyber security posture. Your team really are the last line of defence for your firm, as such a robust, engaging training solution needs to be implemented and championed by senior leaders within the business. It’s also important to focus on the behaviours that you want to encourage. If the goal of phishing training is to catch those that click on a bad URL and punish them – it’s the wrong solution. Encouraging your team to report suspicious behaviour to the IT/Security team needs to be a KPI against any training platform.

Encryption, in short – encrypt everything, wherever possible. So that in the event of a breach (be that a lost endpoint device or unauthorised access to corporate data) you can be confident that the data is as secure as possible.

Mobile Device Management (MDM), in the new work of hybrid working it’s even more important than before to have control over any device that accesses corporate data. As a result, a robust MDM solution is critical.

And finally, what’s next for Tribeca?

We are very much a company committed to growth (both for ourselves and to support our clients’ growth) so the future is to continue to grow our teams in the UK, Hong Kong and New York. We are also looking at the potential of moving into new locations in the coming 12-18 months.



Leave a Reply

Your email address will not be published. Required fields are marked