Skip to content

Keepit Receives Customer Top Rated Award from TrustRadius

Keepit’s continued focus on delivering premium SaaS data protection services results in top ratings from customers

Copenhagen, Denmark  – May 11, 2022 –  Keepit, the market leader in cloud backup and recovery, and the world’s only independent, vendor-neutral cloud dedicated to SaaS data protection with a blockchain-verified solution, today announced that the company has received a Top Rated award from research and review platform TrustRadius.  

The award is based on the rating scores Keepit’s customers give the Keepit product and services. In addition to the scores, customers are able to elaborate on their ratings in detailed comments. The most praised characteristics of Keepit’s services on TrustRadius are: ease of use; the speed and granularity of recovery times; the return on investment and value for money; customer support; and the retention policies.  

‘Buyers have many options when it comes to selecting SaaS Backup Software,’ said Megan Headley, VP of Research at TrustRadius. ‘Keepit earned a Top Rated award based directly on feedback from its customers. Reviewers on TrustRadius highlight Keepit’s easy implementation, worry-free operation, and breadth of functionality.” 

Keeping it simple pays off 

For Keepit, the award is a testament to the value of keeping a dedicated focus on the user experience – not just from a product interface perspective but also from all the services surrounding the product. Particularly, technical support and customer success management have been key areas of continuous improvement and refinement for the company, as well as transparency in the initial sales and onboarding processes. 

With a business strategy dedicated to the customer experience, the award is received with gratitude and pride:  

“For Keepit, this is one of the most valuable categories of awards we can receive,” says Keepit CEO Frederik Schouboe. “Our philosophy has always been to ‘keep it simple’ based on the understanding that a security solution will only work if it is properly implemented and incorporated in the day-to-day operations of an organization.  And that only happens if the solution is intuitive and efficient. An award based on customer praise which keeps repeating simplicity, ease of use, and ease of implementation as valued features is the ultimate stamp of approval for a company like Keepit.” 

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

INCONTROLLER / Pipedream: State-Sponsored Attack Tools Targeting Multiple ICS Systems

Dangerous New Malware Can Shut Down, Sabotage Industrial Sites

Pipedream, or Incontroller, is a custom-made, modular ICS attack framework that could be leveraged to cause disruption, degradation, and possibly even destruction depending on targets and the environment.

Pipedream can manipulate a wide variety of PLCs and industrial software, including Omron and Schneider Electric controllers, and can attack ubiquitous industrial technologies including CODESYS, Modbus, and OPC UA.

The framework’s capabilities include performing system enumeration, issuing WMI commands, executing host-based commands, and manipulating the registry. It exploits the known-vulnerable ASRock-signed motherboard driver to execute malicious code in the Windows kernel (CVE-2020-15368).

The framework includes three tools that enable the attacker to send instructions to ICS devices using industrial network protocols:

  • The first tool has multiple capabilities, such as the ability to scan for and enumerate OPC UA servers, suggesting a reconnaissance role.
  • The second tool communicates with ICS devices using the Modbus protocol, which potentially gives it the ability to interact with devices from different manufacturers. However, the tool contains a specific module to interact with, scan, and attack Schneider Electric’s Modicon M251 PLC using Codesys.
  • The third tool is designed to obtain shell access to Omron PLCs. It primarily operates using the HTTP protocol, however it also utilizes Omron’s proprietary FINS over UDP protocol for scanning and device identification.

CISA’s Alert to this also recommends using a tool such as SCADAfence

CISA’s Alert (AA22-103A) states “DOE, CISA, NSA, and the FBI recommend all organizations with ICS/SCADA devices implement the following proactive mitigations:

“Leverage a continuous OT monitoring solution to alert on malicious indicators and behaviors, watching internal systems and communications for known hostile actions and lateral movement. For enhanced network visibility to potentially identify abnormal traffic…”

SCADAfence has been on the forefront, defending organizations around the world from attacks on industrial control systems, both with our products, and as a managed service.

The Impact Of The INCONTROLLER / Pipedream Malware

The intent is to leverage the access to ICS systems to elevate privileges, move laterally within the networks, and sabotage mission-critical functions in liquified natural gas and electric power environments.
It has not yet been seen deployed in target networks.

How SCADAfence Detects INCONTROLLER / Pipedream

  • The SCADAfence Platform detects new connections, connections from external devices and from the Internet, and unauthorized connections to OT assets.
  • Furthermore, the Platform detects start, restart, and stop commands sent to PLCs in the network, as well as remote mode change commands which are needed steps to alter programs in PLCs.
  • The Platform additionally detects system enumeration scans and HTTP command execution.

Our Experts Recommend

  • Isolate ICS systems and networks from corporate and internet networks using strong perimeter controls, and limit any communications entering or leaving the perimeter.
  • Limit ICS systems’ network connections to allowed management and engineering workstations.
  • Enforce multi-factor authentication for all remote access to ICS networks and devices whenever possible.
  • Change all passwords to ICS devices, especially all default passwords, to unique, strong passwords.
  • Apply the latest security patches on the OT assets in the network.
  • Maintain offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups.
  • Enforce principle of least privilege. Only use admin accounts when required for tasks, such as installing software updates. 
  • Monitor systems for loading of unusual drivers, especially for ASRock drivers if no ASRock driver is normally used on the system.

Since the DOE, CISA, NSA, and the FBI recommend all organizations with ICS/SCADA devices to work with a continuous network monitoring solution going forward, let our experts help you keep your networks & industrial devices secure.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Data protection: All you need to know about data and why to protect it

Do you know where all your company’s data is and how it flows through your operations and processes? Company data flows on both official and unofficial channels, such as email, cloud, printers, instant messaging, etc. If employees don’t treat data with the proper care, it can very easily be lost. Read more about data protection – why it is important and how to do it best. 

In this article you will learn: 


How companies produce data

Business data is any information that is relevant for running a company. There are two types of data – input data and output data. Input data is provided by the users, and computers provide output data.

Companies gather data from various sources and channels, and they do so via different software or AI. More sophisticated tools are used for Big Data processing.

Examples of data that companies usually have:

  • Financial information
  • Company strategic information (long-term vision, business objectives, staff development, equality and diversity, etc.)
  • Business and sales forecasts
  • Customer information
  • Personal data
  • Website traffic statistics
  • Campaign details (social media, emailing, etc.)
  • Sales results
  • Warehouse and inventory data
  • HR data (employee information, salaries, interactions between teams, etc.)
  • Customer and partner information from CRM systems
  • Source code
  • Blueprint and designs

What is data flow

Data flow is the movement of your company’s data throughout your systems. Data can flow via both software and hardware and can be changed during the process of moving.

Different employees and teams have access to the data at specific points in the data flow. They can change data, provide data to other departments or vendors, or even delete data.

Data can leak at any moment, and every stage of the data flow can be risky in terms of data protection.

Where companies store their data

In the past, company data was stored on paper – in files and folders in offices and archives. During the process of digitization, all data was moved to digital formats. Data can be found and moved via the following channels (both official and unofficial):

  • File sharing websites and social media (WeTransfer, Twitter, Facebook, Send Anywhere)
  • Email (Webmail, POP3 / IMAP, SMTP)
  • Internet (HTTP, HTTPS, FTP, FTPS, P2P)
  • Cloud (OneDrive, Dropbox, Google Drive, Box, SharePoint)
  • Microsoft 365 (Exchange Online, SharePoint Online)
  • Instant messaging (Teams, Skype, Slack)
  • Removable storage (USB, Memory cards, External drives, Optical discs)
  • Media (CD, DVD, Blu-ray, Printers)
  • Connections (Bluetooth, FireWire)
  • Operations (Copy and Paste, Drag and Drop, Screen capture)


Why you should protect data

Insiders don’t treat data with care

Insider threats are on the rise due to trends in digital workspaces, flexible and remote work, and agile and BYOD approaches. The overall number of incidents has increased by 44 percent in the last two years. Most of these threats are unintentional – 56% were caused by negligent insiders, whereas 26% were malicious.

Read more about insider threats here.

Data ends up in a competitor’s hands

Data has great value for companies and can easily generate another revenue stream. There are even companies whose business is based on data generation. So, employees might be motivated to steal a company’s data and sell it to competitors or other companies.

Reputation risks for a company

When a data breach occurs, a company’s reputation is at risk. Negative media coverage can lower the number of customers, and hence lower profit.

According to the US National Cyber Security Alliance, about 60 percent of small businesses close within six months of a major data leak and 85% of companies experience a data breach.

Data breaches caused by insiders are very costly

The costs of breaches can be enormous. The overall costs of an insider threat incident have increased from $11.45 million in 2020 to $15.4 million in 2021. The longer it takes to detect an internal threat, the higher the costs. On average, it takes nearly three months (85 days) to contain an insider threat incident. Incidents that took more than 90 days to discover cost companies $17.19 million, the average cost of incidents that were discovered in less than 30 days was $11.23 million.

Regulatory compliance and GDPR

In the event of a data breach legal authorities may impose fines. The strictest regulation is GDPR. Companies that violate GDPR can expect the following fines:

  • The lower level is up to 10 million euros, or 2% of the worldwide annual revenue from the previous year, depending on which is higher.
  • The upper level is up to 20 million euros, or 4% of the worldwide total revenue from the previous fiscal year, depending on which is higher.

Read more about GDPR in this article.


How companies lose their data

As stated above, the majority of insider threats are unintentional and occur for various reasons, such as hybrid modes of working, or BYOD approaches. Insider threats can also happen because employees are tired, work under stress, or are not aware of the security processes and importance of data security.

Let’s have a look at a few real-life situations that will show you how insider threats are a part of daily business operations.

James is rushing to kindergarten

James needs to pick up his child and doesn’t have enough time to update the customer database for the next day’s emailing. He might be able to do it from home, but according to the company’s policies, it is not possible to log in without a VPN. And he has just bought a new laptop but hasn’t set up the VPN yet.

Meanwhile his child is crying, and the teacher is calling James to see if he’s on his way. He is in a rush, so he copies the Excel sheet and uploads it to his personal Google Drive and decides to do his work at home in the evening. But his Google Drive is full of photos from his vacation and there’s not enough free space to upload the Excel sheet. So James uploads it to WeTransfer. With no encryption and no password.

Laura was interrupted by a colleague while sending out an email

Laura is working on an important email with financial documents for her company’s CFO, when suddenly her phone rings. It’s her colleague with an important issue that needs to be resolved right away. Laura is on the phone with her colleague when selecting a recipient’s email address. She is under pressure and therefore instead of the CFO’s name, she chooses the client’s email address from the suggestion.

Charlie doesn’t enjoy his job anymore

Charlie has issues with his manager and decides to find a new job. He is talented and has already received an offer from a competitor. Charlie knows that his company’s client database will be helpful in his new job and decides to take it with him. He thinks it’s risky to send it via email, so he uploads a few screenshots and database exports to his USB drive.


As you can see from the examples, insider threats mostly don’t have malicious intentions, however, the consequences might be as harmful to a company as a malicious act would be.

Whose hands your data might end up in

  • Hackers/ransomware groups might blackmail you, threatening the data will be published unless you pay some money to them.
  • Competition would be one step ahead of you in case they get access to your customers’ data, business plans, or know-how.
  • Contractors would be negotiating lower prices because they would be aware of your conditions, calculations, and margin.

How to protect your company’s data

No matter how many channels your company uses, there are a few universal ways of protecting your data.

  • Perform a data audit and find all your sensitive data. It is good to know what type of data your company operates with, where the data is stored and who has access to work with it or can change it.
  • Implement policies that specify how sensitive data can be handled and who can access it and for which purposes. Make sure your policies are easy to understand.
  • Educate your employees and explain to them the importance of data security. They should be aware of what type of data your company operates with and what are the consequences of misusing it.
  • Encrypt your data and make sure that even if you lose your flash drive or phone your data will remain safe.

A few more data security tips:

  • File sharing websites, social media and instant messaging – Block upload of the data, or notify employees about risky operation
  • Email – Restrict sending data to unknown external email addresses, notify employees about potential breach
  • Internet, cloud, O365 – Restrict uploading data to unofficial channels outside the company or notify employees
  • Printers – Check what type of documents your employees print based on contextual information and discover potential data breaches; restrict printing specific sensitive documents

How Safetica protects your data

Monitors your data flow

Safetica offers features to track and protect various data flow channels your company uses. Safetica checks your company’s outgoing communication channels and gives you an overview of how data travels in your company. Once you know your data flows you can set security measures. Notify your users about risky behavior or block dangerous file sharing actions.

Helps you to be compliant with regulations

Safetica helps you to monitor the data flow within your IT environment as well as when it leaves the perimeter of your company. You can set specific rules that help you to comply with GDPR or other data protection regulation. You will be able to see how employees work with personal and other sensitive data, and it allows you to eliminate the risk of misuse or accidental policy violation. The system notifies you in real-time in the event of a security threat.

Encrypts your data

Safetica gives you the option to manage encryption of USB devices and disks using BitLocker. The solution takes care of security key management and recovery.

Protect your data against insider threats

Safetica checks the users’ behavior and notifies you when finds anomalies. In case a user starts to send bigger amounts of data at night or works with different types of data out of a sudden, there is a potential incident, and the system notifies you, and you can take appropriate action.

Safetica notifies employees about risky operations, hence educating them about data security. It is important to trust your employees, however, let’s not forget we are all people, and people make mistakes. Safetica mitigates these risks, and you can go to sleep in peace knowing that data, people, and your company are protected.

    About Version 2
    Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

    About Safetica
    Safetica is to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

    ×

    Hello!

    Click one of our contacts below to chat on WhatsApp

    Social Chat is free, download and try it now here!

    ×