“As one of the world’s most sophisticated and complex industries makes a multifaceted transition – from analogue to digital, centralized to distributed and fossil-based to low-carbon – managing cyber risk and preventing cyberthreats are quickly becoming critical to company value chains.”

— Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers White Paper, World Economic Forum, 2021.

• Complex, environments of IT and OT technology of varying ages means some infrastructure can’t be patched. 
• Vulnerabilities in operational technology jumped 88%, from 690 in 2020 to 1,295 in 2021.
• At the same time, OT assets are increasingly connected to networks, exposing critical infrastructure.
• 67% of applications in the utility sector have at least one exploitable severe vulnerability open throughout the year
• FERC, NERC, State and Federal compliance requirements may differ from current security best practices.
• Costs of replacement, repair, or disruption of critical infrastructure have increased due to supply chain distruptions (Covid-19, inflation, inventory loss, pressure to reduce offshoring, new legal regulations, and supplier choices driven by external social and environmental factors) 
• Utilities faced 1780 DDoS attacks between June and August last year, a 595% increase from the year prior. 
• The average cybersecurity budget in the energy sector is about 10% less than the average in other sectors. 

Healthcare organizations have rapidly expanding weaknesses due to:

• Rapid development and usage of telehealth technology
• Legacy technology that can’t be patched.
• Multiple operating systems (11+) that don’t allow for install of security solutions
• IT, OT, and other control systems (IP cameras, HVAC, access control, phones)
• IoMT devices (biomechanical, patient monitors, patient scanning, pumps)
• Multiple supply chain threats

The top 5 threats to healthcare today are:

1. Ransomware
2. Phishing and Spear-Phishing
3. Thirday party / Partner breach
4. Data Breach
5. Insider Threats

Healthcare cybersecurity statistics:

• (2021) Attacks against health plans increased by 35%, and third party vendors by 18%.
• The average cost of a healthcare data breach has reached $9.23 million
• Healthcare providers can spend up to $408 for each patient record compromised and an additional $1.75 million to regain reputation.
• Healthcare cybersecurity budgets are only 8% of the total IT budget
• 90% of healthcare staff working remotely during the pandemic did not receive any security guidelines or data privacy training before going remote.

A recent report conducted by Financial Times’ Longitude found some interesting statistics when it comes to cyber security in manufacturing companies. The research surveyed 350 industrial companies across Europe and the USA. According to the survey, 75% of organisations were aware of the present cyber risks, with 40% of them having faced a cyberattack within the last 12 months. The study reveals that among those companies that experienced a cyberattack, half of the respondents acknowledged the negative impact on profitability and loss of profits. This is followed by reputational damage and legal costs, recognized by 40% of those attacked.

When asked if manufacturers are prepared for the common types of attacks, including scamming, phishing, MITM (man-in-the-middle attack), ransomware and SQL injection, medium-sized companies turned out to be the least prepared. They had the lowest level of preparedness across the four categories, only having the same level of security as the small companies when it comes to phishing attacks.  Cyber hygiene turned out to be poor across all companies, no matter their size. Only a third of the companies encouraged their staff to regularly change passwords and update software. Less than half of the organisations held regular cyber security training and backed up their data.  When it comes to holding people responsible, it turns out the senior management lacks the proper cyber security governance in place. As few as 36% of the respondents gave one of the board members direct responsibilities for cybersecurity or even reported on the state of cybersecurity every year.

• The cost of cybercrime in the financial services sector is $18.3 million — the highest among other industries.
• On average, an employee in financial services has access to 11 million files. For larger firms, the number is even higher — 20 million.
• The average time it takes to contain a data breach is 233 days in the financial sector. 
• Financial services firms, on average, spend 10% of their IT budget and 0.3% of their revenue on cybersecurity. 
• There were 736,071,428 phishing web attacks in the financial sector in 2020

• 62% of about 10.7 million enterprise malware incidents in the last month belonged to the education sector.
• Between July and September 2020, the education sector witnessed a 20% increase in cyber attacks.
• Only 54% of educators are familiar with the concept of ransomware.
• 72% of end-user devices in educational institutes are running older OS versions.
• One survey showed that 44% of education institutions were targeted by ransomware in 2020 (SOPHOS, 2021)

While most IT and security teams are leveraging tools and technology that wait for an attacker to create an action before responding, we take a different approach. Through proactive threat intelligence, we offensively eliminate malicious communications before they get distributed throughout the network. If they are already in there before we take over, we will catch them when they call out of your network as well. We produce RESULTS – NOT ALERTS. 

Through a combination of automation, consolidation and staff augmentation, we free up valuable resources so you can focus on revenue generating business activities. With flexible, scalable payment and financing options, your organization can invest today without compromise.

Our team of security analysts, engineers and researchers work 24/7/365 to detect and stop malicious threat actors while providing hands on network support in collaboration with, or in place of your existing IT resources. Cost savings are realized immediately by replacing multiple specialists and by freeing up and upskilling existing personnel.

Due to the ever changing regulations your industry demands we will help you build a well structured Risk Management and Compliance practice. In addition to a Risk Analysis and Security Risk Assessment, we provide policies and procedures customized to your business, bringing your business into compliance now and in the future.

We understand that purchasing and deploying a cybersecurity solution is only half the battle. Our team has experience using the best tools in the world and we will help you manage yours as well. Through a combination of policies, procedures, scripts, threat intelligence and more we can even make a number of them stronger and faster. After all, if you had to choose between riding in a Formula 1 car for the first time, who would you choose to take the controls? One of your parents or Mario Andretti? 

Automated intelligence is only as good as the human intelligence it has been fed. 13 Layers currently aggregates global threat intelligence from over 25 million indicators of compromise across more than 900 lists and partnerships. Our clients enjoy direct access to this intelligence with a clear view of all of the blocked attackers including who is attempting the attack, how many times they tried, from which device and what kind of attack they attempted. We then take this live intelligence and feed it back into your other security solutions, making them stronger.

We have been in the trenches vetting vendors and providing penetration testing to networks of all sizes so that you don’t have to. Research and development is at the core of our business, and we’re happy to share that expertise with you. If you have recently purchased or are about to purchase a security tool or service, we are happy to provide actionable intel without the buzzwords. We use all of the same tools that we recommend to our clients and partners, so feel free to see what we have to offer as well. 

In order to protect our clients from the volatility of the cyber liability insurance market, we walk them through procurement, maintenance and renewals of policies. With 13 Layers as your Managed Security Services provider you can pass even the most astringent of cyber liability policy applications with flying colors.

By expanding their team to include 13 Layers, our clients have taken the power to distract and occupy away from their attackers. This allows them to focus on revenue and service delivery objectives to meet the growing post-pandemic digital transformation demand. After all, you probably got into this business to grow it, and not to worry at night and on weekends.