Keepit wins at Cyber Defense Magazine’s 12th Annual InfoSec awards during CyberDefenseCon 2024  

COPENHAGEN, DENMARK. October 31, 2024 – Keepit, a global provider of a comprehensive cloud backup and recovery platform, today announced it has won in four categories at the Top Infosec Innovator 2024 awards. Keepit was named the winner in the following categories: “Cutting Edge Cloud Backup”, “Most Innovative Cyber Resilience”, “Hot Company Data Security Platform” and “Hot Company Ransomware Protection of SaaS Data”. 

Headquartered in Copenhagen with offices and data centers globally, Keepit future-proofs cloud data for organizations, ensuring business continuity and access to information.

“Ransomware is only one of the many threats companies face in today’s cybersecurity landscape. Keepit provides the tools for companies to be secure and confident in their disaster recovery plans: a platform that enables rapid recovery and data monitoring for early anomaly detection. We’re thrilled that Cyber Defense Magazine has recognized our platform for these coveted awards”, says Michele Hayes, CMO at Keepit.

“We scoured the globe looking for cybersecurity innovators that could make a huge difference and potentially help turn the tide against the exponential growth in cyber-crime. Keepit is worthy of being named a winner in these coveted awards and consideration for deployment in your environment,” said Yan Ross, Editor of Cyber Defense Magazine.

Keepit platform was also named “Best Cybersecurity Backup Service” by Business Awards UK, 2024 Cybersecurity and Resilience Awards  and  “Best Security Solution for Data Management / Data Protection” by the Cloud Security Awards 2024. Keepit was recognized in four categories at the Global Infosec Awards 2024 (at RSA), including “Most Innovative Compliance,” “Publisher’s Choice Cyber Resilience,” “Best Product Data Recovery,” and “Hot Company Ransomware Recovery.” The Keepit platform also received “Best Use of SaaS in a Cloud Ecosystem” at the 2024 SaaS Awards.

The full list of the Top InfoSec Innovators for 2024 is found here: https://cyberdefenseawards.com/top-infosec-innovators-for-2024/.

In today’s digital landscape, where cloud-based services like Microsoft 365 dominate, cyber resilience has become a top priority for organizations. Businesses are increasingly relying on SaaS (software-as-a service) platforms, assuming that all their data is secure. However, without the right backup strategy, they may find themselves vulnerable in the face of data loss or a cyberattack.

In this post, I want to share a real-world experience from a client that highlights the importance of SaaS data recovery and how it plays a crucial role in maintaining operational continuity.

A crisis unfolds

One of our partner’s clients, who remains anonymous due to confidentiality agreements, faced a daunting cyberattack that compromised their Microsoft Azure AD (Entra ID). Like many businesses, they believed their data was safe in the cloud, under Microsoft’s protection. What they didn’t realize, however, is that Microsoft’s services are not immune to data loss or breaches, and the responsibility for safeguarding data ultimately lies with the customer. This is part of what’s known as the shared responsibility model, where cloud providers handle infrastructure security, but data protection remains the customer’s responsibility. Read Microsoft’s shared responsibility in the cloud (source: Microsoft).

When the attack occurred, the client was caught off-guard. Administrative accounts were compromised, some user accounts were maliciously deleted, and there were attempts to exfiltrate sensitive data from SharePoint. The customer’s crisis committee immediately launched an investigation, but they quickly ran into a roadblock: Azure AD only retains logs for 30 days, making it impossible for them to perform an in-depth forensic analysis of what had transpired.

The flow of recovery

By using Keepit backup and recovery for Microsoft Entra ID (formerly Azure Active Directory), we were able to act quickly in response to the cyberattack in three broad steps:

• Downloaded the last 12 months sign-in and audit logs of Entra ID for investigative analysis using Keepit’s unlimited storage and retention capability.
• Traced when and what changes happened on the compromised accounts using Keepit for Entra ID metadata previewer feature.
• Restored the affected user accounts along with their configurations and permissions without needing to recreate accounts from scratch using Keepit for Entra ID’s powerful recovery features.

The power of backup

This is where Keepit became a game-changer. By leveraging Keepit’s robust backup capabilities, we were able to provide the customer with access to logs that spanned an entire year. This historical data was critical for the investigation, as it allowed the customer to trace the breach back to its origins, determine the extent of the damage, and understand when the attack had taken place.

But data recovery goes beyond simply accessing logs. The compromised user accounts needed to be restored, along with all their associated settings (metadata) — something that would have been a nightmare without the right backup solution. Keepit’s ability to restore not just user accounts but also their configurations, MFA settings, and group memberships ensured the client could recover quickly without having to start from scratch. If the client had relied on a standard backup solution, the process would have taken significantly longer, jeopardizing their recovery time objective (RTO).

The lesson: Backup is non-negotiable

This experience underscores a key lesson: Having a comprehensive SaaS data backup and recovery strategy is essential to cyber resilience. It’s not just about restoring files but about maintaining business continuity, even when the unexpected happens. The ability to quickly recover from a breach can mean the difference between a short disruption and a prolonged, business-threatening downtime.

For companies operating 100% in the cloud, like our client, backing up identity systems (such as Entra ID) is as crucial as backing up files. When administrative accounts are compromised, and there’s no backup, organizations face the risk of losing more than just data — they risk losing control over their entire cloud environment. Read more on why Microsoft Azure AD needs to be backed up in the cloud.

Cyber resilience starts with recovery

The ease and speed with which we were able to restore the client’s operations, thanks to Keepit, reaffirmed the central role that data recovery plays in cyber resilience. It’s not just about preparing for attacks but also about having the right tools in place to recover from them. This customer, through our guidance, has now included Keepit as a key component in their cyber resilience strategy. They understand that backup is no longer a nice-to-have; it’s a critical aspect of their business continuity planning.

In a world where the question isn’t if an attack will happen, but when, the ability to recover swiftly is a vital need. With Keepit, we were able to help our client turn what could have been a catastrophic breach into a manageable incident, all thanks to a well-implemented SaaS data recovery strategy.

This article is part one of a two-part series sharing a real-world customer story on cyber resilience. In part two, we look into how cyber insurance played a critical role in protecting a business from the financial impact of a ransomware attack. Read part two entitled “Real-world recovery: The role of cyber insurance in ransomware resilience.”

The Digital Operational Resilience Act (DORA) marks a new phase in how financial institutions must approach cybersecurity and operational resilience. With its January 2025 implementation date fast approaching, institutions are focusing on aligning their ICT (information and communication technology) risk management frameworks with DORA’s stringent requirements.

One critical aspect of compliance under DORA is ensuring that institutions have robust backup policies and procedures in place. This article discusses how backup solutions, particularly cloud-based ones, can help financial institutions meet DORA compliance requirements, ensuring minimal downtime and protecting the integrity of their operations.  

Unpacking DORA’s backup requirements 

DORA mandates that financial institutions incorporate comprehensive backup, restoration, and recovery measures into their ICT risk management strategies. These backup systems are not simply a technical requirement — they play a central role in ensuring business continuity. DORA stipulates that backup solutions must be:

• Secure: Protect the confidentiality, integrity, and availability of data. 
• Activated without compromising IT systems: Backup procedures should not expose systems to further vulnerabilities during restoration processes.

In practical terms, financial institutions must set up backup systems that can withstand cyber incidents, system failures, and disruptions. Crucially, DORA emphasizes that backup is not just an IT issue — it is a governance issue, requiring oversight and approval from executive management. Backup solutions must, therefore, be part of the organization’s strategic ICT risk framework. 

The role of backup solutions in DORA compliance 

Effective backup policies and procedures lie at the heart of operational resilience and DORA compliance. In line with internationally recognized standards like ISO 22301 (business continuity) and ISO 27031 (ICT disaster recovery), backup solutions are indispensable for preparing for and recovering from disruptive incidents.

DORA’s focus extends beyond simple data restoration. It includes ensuring logical and physical data segregation (air gapping), data encryption standard, access control, data integrity, and redundancy. Financial institutions need to select backup solutions that ensure the following: 

• Redundancy and high availability: Ensures continuity by replicating data across multiple locations. 
• Strong encryption and access control: Secures data both at rest and in transit. 
• Quick recovery times: Minimizes downtime during an incident response by swiftly restoring access to critical systems and data.

Choosing a third-party backup provider with a proven track record in financial services can help ensure compliance, while also mitigating risks in the event of an incident. 

Regular testing: A pillar of effective backup practices 

Under DORA, regular testing of backup and restoration procedures is mandatory. This ensures that institutions can quickly recover in the face of incidents, while also identifying gaps in their current strategies. These tests must be conducted periodically, with large organizations often needing to implement threat-led penetration testing (TLPT).

However, not all backup solutions offer equal efficiency when it comes to testing and auditing. When choosing a vendor, it is important to look for those that support: 

• Efficient auditing and reporting: Documenting the effectiveness of backup processes without using excessive business resources. 
• Frequent and flexible testing capabilities: Allowing businesses to test their backup infrastructure as often as necessary to ensure compliance with DORA’s stringent requirements.

As backup testing will be a recurring event under DORA, the ability to perform these tests without disrupting normal business operations will be critical for maintaining both operational resilience and regulatory compliance.

Conclusion 

Backup solutions are central to meeting DORA’s ICT risk management and operational resilience requirements. Financial institutions that invest in robust backup systems can protect their operations from disruptions, ensure continuity, and, most importantly, comply with the regulatory demands set out by DORA.

In summary, when selecting backup solutions, financial institutions should focus on key features that will ensure they can meet DORA’s stringent requirements: 

• Access control and encryption: Protect data integrity and confidentiality with data encryption standard. 
• Redundancy and high availability: Ensure that data is consistently available when needed. 
• Efficient testing and reporting: Minimize resource use while meeting regulatory testing mandates. 
• Comprehensive recovery plans: Ensure a quick and organized restoration of services after an incident. 
• Detailed documentation: Maintain thorough records of backup processes, testing, and recovery, crucial for both internal governance and external regulatory audits.

By implementing these strategies, financial institutions will not only achieve compliance with DORA but also enhance their resilience against cyberthreats, securing their operations and maintaining the trust of their customers. 

From insurance to defense: Creating a cybersecurity framework for ransomware resilience 

As organizations continue to adapt to an increasingly digital world, the risks we face from cyberattacks grow more complex and, unfortunately, more frequent. The rise of ransomware (and ransom payments) has become a significant threat to organizations of all sizes, demanding more robust defenses and comprehensive strategies to mitigate the associated risks.

Cyber insurance has emerged as one key tool in this fight, but it’s only part of a larger, multifaceted approach to cyber resilience. In this blog, I’ll explore the critical role of cyber insurance, alongside essential cybersecurity strategies, and how building your cybersecurity maturity framework — based on the controls required by insurers — helps ensure resilience.

The growing ransomware threat

Ransomware has evolved from opportunistic attacks to a sophisticated, well-organized criminal enterprise. According to ESG research, 89% of enterprises consider ransomware one of the top five threats to their business viability. This figure is alarming but not surprising. Surprisingly, 11% of organizations still don’t see ransomware as a top threat, despite its rapid growth and severity.\

Serious incidents, like ransomware, are no longer a question of “if” but “when.” Attackers continually refine their methods, targeting vulnerable organizations by exploiting gaps in security and even indirectly attacking through trusted third parties. As organizations expand their digital operations, they increase their exposure to these threats.

Many organizations assume they’re too small or insignificant to be targeted, but that assumption can be a dangerous one. Even companies that aren’t directly targeted are at risk. Cybercriminals no longer discriminate based on size or industry; they look for weaknesses and exploit them wherever they find them. Ransomware as a service (RaaS) has lowered the barrier to entry so much that even those lacking technical skills can “pay to play.” Read our blog about RaaS.

Understanding cyber insurance in a ransomware landscape

While cyber insurance can provide financial protection against the fallout of ransomware, it’s important to understand that it’s not a silver bullet. Insurance alone won’t save your business from downtime, data loss, or reputation damage. As we’ve seen with other types of insurance, such as property or health insurance, simply holding a policy doesn’t mean you’re immune to risks.

While cyber insurance is designed to mitigate financial risks, insurers are becoming increasingly discerning, often requiring businesses to demonstrate adequate cybersecurity controls before providing coverage. Gone are the days when businesses could simply “purchase” cyber insurance without robust cyber hygiene in place. Today’s insurers require businesses to have key controls such as multi-factor authentication (MFA), incident response plans, and regular vulnerability assessments.

Moreover, insurance alone doesn’t address the critical issue of data recovery. While an insurance payout can help with financial recovery, it can’t restore lost data or rebuild your reputation. This is where a comprehensive cybersecurity strategy comes in — one that encompasses both proactive and reactive measures, involving components like third-party data recovery software.

The role of insurability controls

To be insurable, organizations must meet certain cybersecurity criteria — what I like to call “insurability controls.” These controls aren’t just a checklist to meet insurance requirements; they’re also essential elements of a comprehensive cybersecurity maturity framework. Key among them are:

• Multi-factor authentication (MFA): A foundational requirement for accessing sensitive data and systems.
• Endpoint detection and response (EDR): Modern cyber insurance often mandates advanced detection and response capabilities to quickly identify and mitigate threats.
• Backup and recovery systems: These systems are the last line of defense in ransomware attacks. Ensuring backups are immutable, tested regularly, and stored offsite (air gapped) can be the difference between full recovery and total disaster.

At Keepit, we emphasize the importance of ensuring your backups are not only frequent but also resilient. Regularly testing the recovery process is essential. Many organizations overlook this crucial step, only to discover their backups are either corrupt or ineffective when they need them most. Practicing recovery ensures you’ll be able to bring your systems back online with minimal impact in the event of an attack.

Defense in depth: Beyond cyber insurance

Insurance is a vital part of your risk management strategy, but it needs to be layered with other defenses. A “defense in depth” approach means deploying multiple layers of security controls throughout your organization, ensuring that even if one layer is compromised, others can still protect your critical data and operations. This includes:

• Employee training and awareness: Your staff is often the weakest link in your security chain. Ensuring they’re aware of phishing attacks and social engineering tactics is critical. Regular phishing campaigns and security awareness training should be a cornerstone of your strategy.
• Third-party risk management: Often, cyberattacks originate not from within your organization but through trusted third parties. It’s essential to vet your partners and ensure they adhere to the same security standards you do — and consider their sub-processors.
• Incident response and retainers: Having a well-developed incident response plan is crucial, but so is having a retainer with a third-party provider who can immediately step in to help in the event of an attack. This adds an additional layer of protection and ensures a faster response time.
• Data governance and classification: Understanding what data you hold, where it resides, and how critical it is to your operations will help you protect your most valuable assets. Ensure that you’ve got policies in place for classifying and safeguarding sensitive data. If you don’t know what to protect, how will you protect it?

Data governance: Identifying and protecting the crown jewels

At the heart of any effective cybersecurity strategy is robust data governance. Understanding what data you have, where it resides, and how it is classified is critical to protecting your organization’s most valuable assets. Many organizations fail at the first step of cybersecurity — data identification — because they haven’t fully mapped out their data environment. The NIST cybersecurity framework puts understanding and assessing cybersecurity posture as step one.

Effective data governance ensures that critical data is classified correctly, protected adequately, and monitored continuously. If your organization hasn’t yet mapped out its data environment, now is the time to start.

Engaging the board and leadership in cybersecurity strategy

One of the most challenging aspects of building a resilient cybersecurity program is obtaining buy-in from the executive team and board of directors. As CISO, it’s my responsibility to communicate the risks in terms that resonate with leadership: operational continuity, financial impact, and reputational risk.

Framing security investments as business-critical decisions helps drive the necessary financial and strategic support for comprehensive cybersecurity measures. It’s essential to engage the board by linking cyber resilience directly to business outcomes — such as maintaining customer trust, complying with regulations, and ensuring business continuity in the face of ransomware threats.

For many organizations, cybersecurity is still seen as an IT problem. But in reality, it’s a business risk that requires input from every level of the organization. Encouraging open dialogue between IT, security, and the board ensures that security measures are not only implemented but actively supported across the organization.

Conclusion

Cyber insurance plays an important role in mitigating the financial impact of ransomware attacks, but it’s by no means a complete solution — and insurers have many more requirements before any coverage is offered. Businesses must embrace a comprehensive, defense-in-depth approach that includes insurability controls, regular testing of backup and recovery systems, and ongoing communication with both employees and executives.

As ransomware continues to evolve, so too must our defenses. By building a cybersecurity maturity framework based on insurability controls, regular testing, and proactive measures, businesses can ensure that they not only meet insurance requirements but also create a truly resilient organization. Only by preparing for the inevitable can we ensure that our businesses not only survive but thrive in the face of cyberthreats.

Executives express lack of confidence in protective measures and are unclear on where responsibilities for data protection lie

Copenhagen, Denmark – October 10, 2024 – Keepit, the world’s only vendor-independent cloud-native data protection platform, today released results from a recent survey. As SaaS applications become critical components of modern business operations the survey, conducted by Gatepoint Research for Keepit, reveals a troubling gap in confidence among executives regarding the protection of their SaaS data. The “SaaS data protection confidence survey”, which gathered responses from 100 senior decision-makers across industries such as finance, healthcare, technology, and manufacturing, shows that while businesses increasingly rely on SaaS tools, many leaders are not fully confident in their ability to safeguard their data.

The survey will be a key focus of an upcoming webinar titled “Protecting your SaaS data – pitfalls and challenges to overcome”, scheduled for October 17, 2024. This event will provide industry professionals with actionable insights on how to bolster their SaaS data protection strategies and ensure compliance with evolving global regulations.

SaaS data protection confidence is low 

According to the survey, while 28% of respondents expressed high confidence in their data protection measures, a significant 31% reported moderate to severe lapses in their data protection. This lack of confidence is alarming as the use of SaaS applications continues to grow, with critical data stored in applications like Microsoft 365, Salesforce, and Power BI.

“Moderate confidence in SaaS data protection is not enough in today’s threat landscape,” said Paul Robichaux, Senior Product Director of Keepit and Microsoft MVP. “Organizations must ensure their data recovery processes are robust and regularly tested. Otherwise, they risk discovering weaknesses too late, when a disaster has already struck and they’re trying to recover.”

Compliance and data growth are major challenges

The survey reveals that 50% of respondents cite increased compliance requirements as their top challenge, with growing data volumes and the complexities of managing SaaS data also ranking high. As global regulations like NIS2 and DORA become more stringent, organizations are under pressure to ensure their SaaS data is adequately protected and compliant with these evolving mandates.

“In the financial industry, for example, DORA requires that backup environments be segregated from production environments to reduce risk.  And we know that many organizations aren’t well-prepared to meet these requirements,” noted Robichaux. “The rising volume of data, combined with increasingly complex regulations, presents a significant challenge for many organizations.”

Financial and reputational risks drive data protection priorities

The survey also highlights the financial and reputational risks associated with data loss. 57% of respondents identified brand and reputation damage as the most significant business impact of data loss, followed closely by financial consequences and regulatory compliance violations.

“Customer data is among the most valuable assets an organization holds,” said Robichaux. “Losing access to that data, whether through ransomware or accidental deletion, can have devastating financial and reputational consequences. Organizations need to take a proactive approach to ensure their SaaS data is protected.”

The big SaaS data backup disconnect

While 58% of respondents reported using Microsoft to back up their SaaS data, there is a disconnect between perception and reality. Many executives mistakenly believe their data is fully protected by native SaaS backup features. However, shared responsibility models mean that SaaS providers are not accountable for customers’ data backup, leaving a critical gap in protection.

“Only 15% of respondents consider backing up directory and identity services like Entra ID to be crucial, even though losing access to these services could cripple business operations,” Robichaux added. “This shows a need for better education around SaaS data protection.”

Budget and expertise are key roadblocks

When asked about the roadblocks to improving their data protection strategies, 56% of respondents cited budget constraints, while 33% noted a lack of expertise and resources. Many organizations also face the challenge of managing multiple data backup vendors, further complicating their efforts.

To help organizations navigate these challenges, Keepit will host a free webinar titled “Protecting Your SaaS Data – Pitfalls and Challenges to Overcome” on October 17, 2024, at 4:00 pm CEST. The webinar will delve deeper into the survey results and provide actionable insights into:

• Managing compliance with evolving global regulations
• Testing recovery procedures to ensure preparedness
• Mitigating financial and reputational risks associated with data loss

Attendees can also participate in a live Q&A session with industry experts and take a benchmark test to see how their organization stacks up.

Register for the webinar here.