New York Gov. Andrew Cuomo instructed state banking regulators last week to conduct targeted and revised routine cybersecurity preparedness checks at the state’s financial institutions as part of an effort to combat the growing risks of cybercrime.
The new examination process will include additional questions regarding IT management and governance, vendor management, disaster recovery, event management and incident response. Additional details about the timing and content of future examinations will be released by state regulators in coming weeks.
Cuomo’s directive followed the release of a cybersecurity report conducted by New York’s Department of Financial Services that showed most of the state’s banks experienced intrusions or attempted breaches over the past three years.
The report—the result of a year-long effort by state regulators—found that most banks view the increasing sophistication of threats and emerging technologies as the greatest challenges to building a strong cybersecurity program.
The most frequently cited methods used in intrusions included malware, phishing, pharming and botnets or zombies. Among the most frequent types of illegal activity by cybercriminals were account takeovers, identity theft, network disruptions and data integrity breaches.
“With today’s growing cyber threats we need to make sure New Yorkers’ finances are protected from online predators,” Cuomo said. “Targeted cyber security assessments for banks will better safeguard financial institutions from attacks and secure personal bank records from being breached. When consumers sign up for online banking they expect their personal information to be secure and we are working to make sure financial institutions take the proper precautions to safeguard it.”
In addition to enhanced cybersecurity assessments, the state’s regulators recommended in the report that all New York banks and credit unions join the Financial Services-Information Sharing and Analysis Center, which provides critical information on cyber threats to members.
“The fact that so much of our financial lives are spent online makes banks increasingly tempting targets for cyber attacks,” New York Superintendent of Financial Services Benjamin Lawsky said. “Hackers spend day and night trying to think up new ways to steal consumers’ personal information and disrupt our nation’s financial markets, and it’s more important than ever that we rise to meet that challenge.”