DFS: Military Action Means Greater Cyber Risk
Insurance agencies and other financlal services businesses should be on the alert for increased cybersecurity threats because of recent events, the New York State Department of Financial Services (DFS) said Tuesday.
The guidance came in an industry letter published March 3 and addressed to the chief information security officers (CISOs) of the entities DFS regulates (those in the banking, financial services, and insurance sectors). While the letter did not directly reference the outbreak of military action on February 28 between the U.S., Israel, and Iran, it did cite “ongoing conflicts.” Cybersecurity experts have expressed concern that Iran or its allies may launch retaliatory cyber attacks, despite damage to that country’s infrastructure.
While the DFS letter admitted that “… the Department has not observed indications of a specific, coordinated campaign targeting the financial services industry or its Regulated Entities,” it advised all regulated entities to “ensure that their cybersecurity risk management practices reflect the current heightened threat environment.”
Beyond complying fully with the state’s financial services cybersecurity regulation, the letter advised entities to:
- Identify and correct known network vulnerabilities
- Test their cyber defensive procedures in anticipation of security incidents
- Prepare to communicate with staff and customers about a prolonged network outage, should one occur
- Enhance monitoring for suspicious network activity
- Give network users the least amount of access privileges they need to perform authorized tasks
- Mare sure that firewall, multi-factor authentication (MFA) and other security settings are securely configured
- Restrict the ability of users to input information into databases and validate the data before it reaches them
- Monitor bank and credit card transactions for unauthorized or suspicious activity.
You may also want to check in with your clients who carry cyber insurance. Virtually every insurance policy contains a provision excluding coverage for losses resulting from a war. It is possible that those exclusions may apply to losses stemming from the current hostilities.
More information about compliance with the New York regulation is available in the Cybersecurity section of this website.
Topics
