On Tuesday, the New York State Financial Services regulator announced details about new cybersecurity guidelines for banks & insurance companies under its jurisdiction.
This announcement came just after the indictment against the three individuals connected to the 2014 JPMorgan hacking incident which affected over 83 million households. Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein are among the individuals indicted for pulling off the largest theft of customer data from a US financial institution in history.
These new regulations would require firms to appoint a Chief Information Security Officer as well as implement a new multi-layered process for granting employees and customers access to their systems.
Details of this new plan were mentioned in a letter sent by the New York State Department of Financial Services in the hope of strengthening the financial industry’s cyber security backbone.
The NYDFS regulations would also require firms to adopt cyber security policies and procedures across twelve areas including information security, data governance & classification, customer data privacy, vendor & third-party service provider management and much more. If approved, these regulations would also require all entities to immediately notify the Department of any cyber security incident that takes place.
As of now, the proposed regulations are not concrete and are still up for debate, but this does not mean that financial institutions have any more time to waste regarding poor cyber security procedures. As the financial industry continues to be a prime target for attacks, it’s important that these institutions realize that they could very well be the next firm to suffer a devastating data breach if they do not take this issue seriously.
If organizations want to maintain security and minimize the likelihood of a financial fallout from these cyber-attacks, they need to realize that stopping all breaches is unlikely, but a preventative approach can be the best way to stop them. NNT Change Tracker Gen7 provides organizations with non-stop, continuous visibility of what’s going on in their IT environment, allowing an organization to at least spot unusual change that represents a breach in real time and take action before any damage is done.
Read the letter from the NYDFS
Read the article on CSO Online