In light of Russia's recent military actions in Ukraine, the
New York Department of Financial Services issued guidance on its cybersecurity and virtual
currency regulations. The Department is specifically concerned
about heightened risk for Russia's cyberattacks against
Ukraine, which could in turn lead to retaliatory attacks against
U.S. critical infrastructure due to U.S. sanctions against
Russia.
The Department clarified that regulated entities should comply
with U.S. sanctions on Russia, but should take measures to mitigate
potential security risks. The following includes some
recommendations to mitigate increased cyber threats:
- Review cybersecurity programs with a particular eye on security
hygiene measures, such as multi-factor authentication; - Review, update and test incident response and business
continuity planning; - Implement practices not already in place in the
Department's June 2021 Ransomware Guidance; - Conduct regular penetration testing to check ability to restore
backups; and - Provide additional cybersecurity awareness trainings and
reminders for employees within the organization.
Putting it into Practice: Current world events
serve as a reminder for why it is important for organizations to
prioritize their cybersecurity programs and ensure that they take
mitigation efforts to prevent the devastating effects of
cyber-attacks.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Gloss