U.S. financial organizations have been the victims of some of the largest cyber security breaches. From the customer data breach of JP Morgan in March 2014 to the more recent Equifax and Uber breaches last year, cybercrime is undoubtedly the biggest threat facing firms today.
According to the 2018 Verizon Data Breach Investigations Report (DBIR), there were over 53,000 security incidents last year with 2,216 confirmed data breaches, up from nearly 2,000 confirmed breaches and 42,000 security incidents in 2016. According to the findings, 58 percent of data breaches targeted small businesses, the most commonly attacked segment.
In an effort to protect customer data and bolster the integrity of the information technology systems that support that data, the New York Department of Financial Services (“DFS”) implemented a new set of cybersecurity regulations – 23 NYCRR Part 500 – in March 2017, requiring all DFS-regulated financial institutions, or “covered entities,” to develop and maintain a robust and compliant cybersecurity program.
Phase 1 (180 Days)

Phase 2 (1 Year)
- Perform penetration testing & vulnerability assessments
- Conduct risk assessments
- Conduct cyber awareness training
- Produce annual report on cyber program

Phase 3 (18 months)
- Maintain records & audit trails
- Establish guidelines for application security
- Limit data retention and establish safe data disposal procedures
- Monitor unauthorized access of sensitive information & encrypt nonpublic data

Phase 4 (2 Years)