On March 1st, new regulations set by New York’s Department of Financial Services went into effect, affecting all of New York’s banks. The regulations require that all banks with over $5 million in revenue establish a cybersecurity program that will be maintained and audited. The regulations that must be implemented in two years include:
-Notification of security breach protocols
-Have a CISO responsible for protecting data
-Have pen testing, risk assessment, and multi-factor authentication practices
-Developed audit trail capabilities
-Retain all data for 3-5 years
Working at EY, I focus on IT Risk assessment, so I highly agree with all the new regulations that are being set forth by the DFS. Since cyber attacks are becoming more prevalent and dangerous, every company, especially financial institutions with so much data on their clients, needs to be prepared to deal with these threats. Although the proposed regulations don’t cover everything to make businesses invulnerable, they create a good baseline for other states to build off of when creating their own cybersecurity regulations for businesses.
http://www.darkreading.com/risk/new-cybersecurity-regulations-begin-today-for-ny-banks/d/d-id/1328295