Responding to the recent hack of IT company SolarWinds, the New York State Department of Financial Services says that the next big financial crisis could come from a cyber attack.
During the SolarWinds break-in, hackers corrupted routine software updates that were downloaded onto thousands of organisations’ information systems.
“This incident confirms that the next great financial crisis could come from a cyber attack,” says superintendent of Financial Services Linda A. Lacewell. “Seeing hackers get access to thousands of organisations in one stroke underscores that cyber attacks threaten not just individual companies but also the stability of the financial industry as a whole.”
In 2019, DFS was the first financial services regulator to create a Cybersecurity Division to oversee all aspects of security regulation across New York’s financial services industry.
The Department's report into the supply chain hack found that 94% of reporting companies removed the vulnerabilities from their IT systems within three days of the SolarWinds attack’s announcement. However, it also found that some companies were not applying patches as regularly as needed to ensure timely remediation of high-risk cyber exposure.
In the report, DFS identifies the following cybersecurity measures as critical practices:
- Fully assess and address third-party risk.
- Adopt a “zero trust” approach and implement multiple layers of security.
- Timely address vulnerabilities through patch deployment, testing, and validation.
- Address supply chain compromise in incident response plans.