Experts weigh in on New York’s cybersecurity rules taking effect this week
Regulations are good first step toward better consumer, business protection nationwide
By Byron Acohido, ThirdCertainty
The New York Department of Financial Services’ monumental new rules are on the horizon. The changes require banks and other financial services companies to prove they are using comprehensive cybersecurity policies and practices.
Much more than just the protection of individuals’ personal data and cash is at stake. Cyber attacks to steal or corrupt data, hijack financial transactions, or knock out critical systems represent a potentially catastrophic threat.
Designed to offset that threat, New York’s Cybersecurity Requirements for Financial Services Companies is being closely watched by lawmakers and agencies in other states considering similar mechanisms to compel organizations to do a better job securing their networks.
With the new rules set to take effect Wednesday, March 1, ThirdCertainty elicited these reactions from cybersecurity thought leaders:
Michael Patterson, CEO, Plixer International. Forcing businesses to take basic cybersecurity precautions is a great first step toward securing not only the businesses themselves, but also consumers. Taking a hard look at third-party vendors also is good practice since 63 percent of all data breaches can be attributed to a third-party vendor. … Rules, regulations, best practices and remediation provide the foundation for companies to protect their customers as well as themselves.
Balázs Scheidler, CTO and co-founder, Balabit. Under the new regulations, banks now are required to scrutinize their suppliers and to report on breaches that affect them. … Requiring breaches to be reported is a good first step, but is it enough? A more proactive approach would be to require close monitoring and analysis of suppliers’ activities in real time with automated tools. This would shorten breach and threat discovery, enabling institutions to avert or minimize breach impacts.
Adam Levin, chairman, CyberScout. (Full disclosure: CyberScout sponsors ThirdCertainty.) These regulations have teeth—and may be exactly what’s needed. Stand by for an explosion of controlled chaos, as some 1,900 banks, insurers, mortgage brokerages and asset management firms—companies that collectively manage $2.9 trillion in assets—scramble to establish quality cybersecurity programs. These companies must take steps to ensure the soundness of New York state’s financial services industry.
Jeff Hill, director of product management, Prevalent. These new rules are testament to the fact that more and more, regulators, state agencies, investors and other stakeholders are connecting the dots between financial health and cybersecurity. New York state’s new rules are particularly forward-looking in that they emphasize the importance of understanding and managing third-party risk. New York is forcing a critical element of its economic infrastructure to cover all its bases.
David Vergara, head of global product marketing, VASCO Data Security. In recent times, the regulatory pendulum has begun to swing in favor of a “lighter” approach for banks, financial services and for other industries, too. It’s good to see, however, that good sense regulations like this one have survived to offer additional consumer protection via thorough evaluations of third-party vendors, comprehensive risk assessments, and advocacy for stronger multifactor authentication.