Cyber; Industry News

DFS Urges Compliance Measures in Wake of Russian Attack on Ukraine

​ The New York State Department of Financial Services (DFS) is urging precautions following Russia’s invasion of Ukraine last week. In a Feb. 25 letter to all regulated people and entities, DFS provided detailed guidance. We encourage all of you to: Review the contents of the letter; andImplement those measures that are appropriate for firms of your size and scope of operations. This is particularly necessary if you do business with companies in either of the two countries.Writing that the “Russian invasion of Ukraine significantly elevates the cyber risk for the U.S. financial sector,” Superintendent Adrienne Harris said that regulated entities should:Review their cybersecurity programs…

Continue ReadingDFS Urges Compliance Measures in Wake of Russian Attack on Ukraine

URGENT: New Security Hole Threatens Computer Networks

​The federal government is warning that a newly-discovered computer software vulnerability poses a major threat to the security of computer networks. We urge all members to address this threat immediately with either their internal information technology staffs or with qualified technology consultants.Federal government agencies, including the National Security Agency and the Department of Homeland Security announced the discovery of the vulnerability on Dec. 10. Here is what you need to know:The vulnerability lies in the Log4j software library, written in the Java programming language and created by the Apache Software Foundation​. The Apache Software Foundation is not a company; it is a volunteer community of hundreds of…

Continue ReadingURGENT: New Security Hole Threatens Computer Networks

DFS: Implement Multi-Factor Authentication Even If Not Required

​The New York State Department of Financial Services (DFS) is urging the entities it regulates to implement multi-factor authentication (MFA) in their cybersecurity programs, regardless of their size. The statement came in an industry letter​ posted to the department's website on Dec. 7. If your agency is not already using MFA, you may want to consider implementing it soon.While stopping short of amending the Cybersecurity Requirements For Financial Services Companies regulation to require all entities it regulates to implement MFA, the letter declared, "Effective implementation of the Regulation's MFA requirement is one of the most potent ways to reduce cyber risk."MFA is "an authentication method that requires…

Continue ReadingDFS: Implement Multi-Factor Authentication Even If Not Required