Monday, 08 April 2019 16:07

Using the New NYDFS Cybersecurity Regulation to “Lock the Data Vault” for Financial Institutions

The New York Department of Financial Services (NYDFS) requires all regulated entities to adopt the core requirements of a cybersecurity program. Panorays’ Matan Or-El discusses the regulation’s impact on financial institutions.

The cybersecurity landscape is becoming increasingly volatile for financial institutions that are scrambling to fight off a barrage of cyberattacks like bots, credential stuffing, account takeovers and more. Those attacks are taking the form of banking Trojans along with ATM and mobile malware. With open banking on the horizon, financial institutions will increase their risks incrementally with the new services they offer. The protection of personal data, accounts and reputation is at stake.

With the deluge of breaches in the last year, it is a wonder that there is any personal data left to protect that hasn’t already been sold on the dark web. These devastating trends have prompted lawmakers in New York State to institute the New York State Department of Financial Services Cybersecurity Regulation (NYDFS). This new regulation, which went into effect in March, outlines cybersecurity standards for financial institutions including credit unions, health insurers, investment companies, licensed lenders, life insurance companies, mortgage brokers, savings and loan associations, private bankers, offices of foreign banks and commercial banks.

The new regulation requires organizations to review their security risk and develop policies that meet compliance standards relating to data governance, classification, access controls, system monitoring and incident response. Regulated organizations are now required to adhere to these guidelines: