Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comFirm Insights
Author: Scarinci Hollenbeck, LLC
Date: July 23, 2021
The Firm
201-896-4100 info@sh-law.comThe New York Division of Financial Services (NYDFS or Department) recently issued guidance on what steps financial institutions should be taking to reduce the risk of a ransomware attack. The new guidelines come as the number of ransomware attacks increased 300 percent in 2020.
Ransomware attacks are among the most disruptive cyberattacks. They have also become increasingly prevalent and more sophisticated in recent years. Cybercriminals’ success in obtaining large extortion payments has also financed the development of more effective hacking and ransomware tools and helped recruit additional hackers. Accordingly, NYDFS shares the FBI’s view that companies should avoid making ransomware payments if their networks are compromised. Instead, the Department is calling on businesses to dedicate their resources to thwarting attacks.
“As ransomware attacks continue to surge, implementing cybersecurity measures is critical to protect consumers and business lines,” Superintendent Linda Lacewell said in a press statement. “As reported, cybercriminals are not only extorting individual companies but also jeopardizing the stability of the financial services industry. We must all do our part to prevent ransomware incidents.”
In its ransomware guidance, NYDFS warns that a major ransomware attack could cause the next great financial crisis. “A ransomware attack that simultaneously cripples several financial services companies could lead to a loss of confidence in the financial system,” the guidance states. “This could happen either through an exploitation of a vulnerability in widely used software to attack many companies at once – as seen recently for SolarWinds and Microsoft Exchange – or through a single ransomware attack that disables critical infrastructure for financial services, such as a cloud services provider or a regional power grid.”
NYDFS also notes that the cost of ransomware has also impacted the cyber insurance market. Because of ransomware, loss ratios on cyber insurance increased from an average of 42% during 2015-2019 to 73% in 2020, according to the Department.
NYDFS has investigated reports of ransomware attacks made to the agency and determined that the perpetrators are repeatedly using the same handful of techniques. In most cases, hackers enter a victim’s network, obtain administrator privileges once inside, and then use those elevated privileges to deploy ransomware, avoid security controls, steal data, and disable backups.
NYDFS has also confirmed that most attacks are preventable. “Each step in this playbook has known cybersecurity countermeasures, which if implemented effectively will substantially reduce the risk of a successful ransomware attack,” the Department states.
Below are several of NYDFS’s recommended security controls:
NYDFS further advises that given that ransomware attacks inherently pose significant risks to the confidentiality, integrity, and availability of an organization’s data, regulated companies should assume that any successful deployment of ransomware on their internal network should be reported to DFS “as promptly as possible and within 72 hours at the latest,” pursuant to 23 NYCRR § 500.17(a). Similarly, any intrusion where hackers gain access to privileged accounts generally must also be reported. According to the Department, it is considering clarifying its reporting requirements by expressly requiring these types of incidents to be reported.
If you have any questions or if you would like to discuss the matter further, please contact me, Thomas Herndon, Jr., or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
If you’re considering closing your business, it’s crucial to understand that simply shutting your doors does not end your legal obligations. Unless you formally dissolve your business, it continues to exist in the eyes of the law—leaving you exposed to ongoing liabilities such as taxes, compliance violations, and potential lawsuits. Dissolving a business can seem […]
Author: Christopher D. Warren
Contrary to what many people think, corporate restructuring isn’t all doom and gloom. Revamping a company’s organizational structure, corporate hierarchy, or operations procedures can help keep your business competitive. This is particularly true during challenging times. Corporate restructuring plays a critical role in modern business strategy. It helps companies adapt quickly to market changes. Following […]
Author: Dan Brecher
Cryptocurrency intimidates most people. The reason is straightforward. People fear what they do not understand. When confusion sets in, the common reaction is either to ignore the subject entirely or to mistrust it. For years, that is exactly how most of the public and even many in law enforcement treated cryptocurrency. However, such apprehension changed […]
Author: Bryce S. Robins
Using chattel paper to obtain a security interest in personal property is a powerful tool. It can ensure lenders have a legal claim on collateral ranging from inventory to intellectual property. To reduce risk and protect your legal rights, businesses and lenders should understand the legal framework. This framework governs the creation, sale, and enforcement […]
Author: Dan Brecher
For years, digital assets operated in a legal gray area, a frontier where innovation outpaced the reach of regulators and law enforcement. In this early “Wild West” phase of finance, crypto startups thrived under minimal oversight. That era, however, is coming to an end. The importance of crypto compliance has become paramount as cryptocurrency has […]
Author: Bryce S. Robins
Earlier this month, the U.S. Supreme Court issued a decision in Ames v. Ohio Department of Youth Services vitiating the so-called “background circumstances” test required by half of federal circuit courts.1 The background circumstances test required majority group plaintiffs pleading discrimination under Title VII of the Civil Rights Act to meet a heightened pleading standard […]
Author: Matthew F. Mimnaugh
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!