On March 3, NYDFS issued an industry letter warning regulated financial entities of heightened cybersecurity threats stemming from ongoing global conflicts. The department noted that while it had not observed signs of a coordinated campaign targeting the financial services sector, recent events warranted increased vigilance. The letter advised regulated entities to review and ensure compliance with its cybersecurity regulation, 23 NYCRR Part 500, and to take steps such as promptly identifying and remediating known vulnerabilities, enhancing monitoring for suspicious activity, and securing account and authentication settings.
NYDFS also recommended institutions prepare for disruptive or destructive incidents by testing operational resilience procedures to restore critical functions and protect nonpublic information. It emphasized safeguarding against code injection attacks, monitoring financial transactions (including virtual currency activity) for sanctions and anti-money laundering compliance, and confirming the sufficiency of communication strategies in the event of prolonged disruptions. The letter did not impose any new requirements.
[View source.]
