Ask Tim; Cyber

DFS Letter: Beware of Cyber Risks From A.I.

Abstract: The New York State Department of Financial Services (DFS) has cautioned the entities it regulates to be alert to cybersecurity risks resulting from using artificial intelligence (AI) technology. Body: ​The New York State Department of Financial Services (DFS) has cautioned the entities it regulates to be alert to cybersecurity risks resulting from using artificial intelligence (AI) technology. The department also described steps for reducing those risks.DFS responded in the October 16 industry letter to questions about the cyber risks from AI and what to do about them. The letter did not add new requirements to those in the department's cybersecurity regulation. Instead, it explained…

Continue ReadingDFS Letter: Beware of Cyber Risks From A.I.

DFS Cybersecurity Alert: Hackers Infiltrating Help Desks

​The New York State Department of Financial Services (DFS) last week warned all financial services companies of a new cybersecurity threat targeting information technology (IT) help desks and service centers. A letter dated September 27, 2024 stated, "DFS has seen evidence that threat actors are targeting IT help desks and call centers using, among other tactics, voice-altering technology in conjunction with information obtained on the internet about the identities of personnel to convince help desks to reset passwords and divert multi-factor authentication (MFA) to new devices."DFS urged all entities it regulates to alert help desk and service center staff  to be diligent in authenticating the identities of anyone who…

Continue ReadingDFS Cybersecurity Alert: Hackers Infiltrating Help Desks

Deadline For New Cybersecurity Reg Requirments is Nov. 1

​We want to remind all Big I New York members of the upcoming deadline for complying with new cybersecurity requirements. The New York State Department of Financial Services (DFS) last November 1 amended its Cybersecurity Requirements for Financial Services Companies regulation. That amendment included several changes. Some of the changes took effect immediately. The deadlines for others were this past spring, with the deadlines for the rest next month and next year.Many of the regulation's 24 sections do not apply to businesses that qualify for the “limited exemption." A business qualifies for the limited exemption if any one of the following three things are true…

Continue ReadingDeadline For New Cybersecurity Reg Requirments is Nov. 1