Fortune and other outlets have reported that New York’s governor and top banking regulator have just proposed regulations that would require the state’s banks to establish definitive cyber security programs to protect customer and institutional data. Requirements would include (but not be limited to): hiring a chief information security officer; implementing infrastructure, policies and practices to detect and thwart attacks; and notifying the NY Department of Financial Services of a material breach within 72 hours. IT security experts from VASCO Data Security and Lastline commented below.
John Gunn, VP of Communications at VASCO Data Security:
“While we applaud the positive elements of the proposal, we believe it was a mistake to abandon the requirement for multifactor authentication for consumer banking that Benjamin Lawsky had previously called for. Multifactor authentication has become almost transparent for banking customers with the integration of smartphones, and it is miles ahead of 30-year old user name and password methods. Many leading banks already use multifactor authentication to secure their customers’ accounts and this protection should be universal.”
Bert Rankin, CMO at Lastline:
“It is at this point almost inconceivable that any major financial institution either would not have already implemented such cyber defense solutions and practices, or would resist doing so. One of the most crucial, largely unaddressed issues is what types of cyber defense strategies the regulations might ultimately require.
“The fact is that malware behaviors and attack strategies mutate and evolve so quickly that measures focused on any one or two specific defense strategies would be antiquated in months, if not in weeks.
“The ability to detect highly evasive malware is at the heart of cyber security. It should be part of the core of effective regulation, and should actually be a lynchpin in every organization’s cyber defense and incident response.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…