Ask Tim; Cyber

NY Cybersecurity Regulation: What Your Agency Needs To Do

Abstract: Sometime between now and April 15, each agency must log into the NYS Department of Financial Services (DFS) cyber portal and complete and submit one of two forms. Body: ​January 2025 has brought with it fresh batches of lake effect snow and a new cybersecurity regulation compliance filing season. Sometime between now and April 15, each agency must log into the NYS Department of Financial Services (DFS) cyber portal and complete and submit one of two forms:Certification of Material Compliance (if the agency was in material compliance with all sections of the regulation that applied to it in 2024.)Acknowledgement of Non-Compliance (if the agency…

Continue ReadingNY Cybersecurity Regulation: What Your Agency Needs To Do

DFS Letter: Beware of Cyber Risks From A.I.

Abstract: The New York State Department of Financial Services (DFS) has cautioned the entities it regulates to be alert to cybersecurity risks resulting from using artificial intelligence (AI) technology. Body: ​The New York State Department of Financial Services (DFS) has cautioned the entities it regulates to be alert to cybersecurity risks resulting from using artificial intelligence (AI) technology. The department also described steps for reducing those risks.DFS responded in the October 16 industry letter to questions about the cyber risks from AI and what to do about them. The letter did not add new requirements to those in the department's cybersecurity regulation. Instead, it explained…

Continue ReadingDFS Letter: Beware of Cyber Risks From A.I.

DFS Cybersecurity Alert: Hackers Infiltrating Help Desks

​The New York State Department of Financial Services (DFS) last week warned all financial services companies of a new cybersecurity threat targeting information technology (IT) help desks and service centers. A letter dated September 27, 2024 stated, "DFS has seen evidence that threat actors are targeting IT help desks and call centers using, among other tactics, voice-altering technology in conjunction with information obtained on the internet about the identities of personnel to convince help desks to reset passwords and divert multi-factor authentication (MFA) to new devices."DFS urged all entities it regulates to alert help desk and service center staff  to be diligent in authenticating the identities of anyone who…

Continue ReadingDFS Cybersecurity Alert: Hackers Infiltrating Help Desks