NY State’s New Cybersec Requirements For Financial Services Cos

As Governor Cuomo recently announced, New York State’s new Cybersecurity Requirements for Financial Services Companies take effect on March 1, 2017.  Cybersecurity experts from Balabit, Prevalent and VASCO Data Security commented below.

Balázs Scheidler, CTO and Co-Founder at Balabit:

“Under the new regulations, banks are now required to scrutinize their suppliers, and to report on breaches that affect them. Since many of these suppliers might also have access to internal banking systems, those with remote access might be the leverage that an attacker would use to cross the perimeter, move laterally and take what they’re after, as happened with the Target breach.

“Requiring that breaches are reported is a good first step forward in improving detection of breaches, but is it enough? It’s a manual process that occurs after-the-fact of an attack. A more proactive approach would be to require close monitoring and analysis of suppliers’ activities in real time with automated tools. This would shorten breach and threat discovery, enabling institutions to avert or minimize breach impacts.”

Jeff Hill, Director of Product Management at Prevalent:

“For obvious reasons, the State of New York has a vested interest in the health of a financial industry critical to the State’s economic engine.  And – as these new rules are testament to – more and more, regulators, state agencies, investors, and other stakeholders are connecting the dots between financial health and cyber security.  The economic wake of a substantial data breach can stretch for years, impacting not only tangible bottom line results, but also inflicting reputational damage that can linger indefinitely.  New York State’s new rules are particularly forward-looking in that they emphasize the importance of understanding and managing 3rd party risk, the source of more than half of all breaches according to a number of studies.  Addressing what is often the soft underbelly of many enterprises’ cyber security defenses – third parties/vendors – the State of New York is forcing a critical element of its economic infrastructure to cover all its bases.”

John Gunn, Chief Marketing Officer at VASCO Data Security:

“New York State’s new cybersecurity rules are an important step forward in acknowledging the important role of biometric and risk-based authentication in stopping hacking attacks against online and mobile banking. Billions of dollars are being lost to fraud every year, and modern methods of authentication that eliminate the outdated use of passwords and instead rely on the new and transparent technologies are far more effective.”

.

David Vergara, Head of Global Product Marketing at VASCO Data Security:

“In recent time, the regulatory pendulum has begun to swing in favor of a “lighter” approach for banks, financial services and for other industries too, for that matter. It’s good to see, however, that good sense regulations like this one have survived to offer additional consumer protection via thorough evaluations of third party vendors, comprehensive risk assessments and advocacy for stronger multi-factor authentication.”