New York Surveying Banks on Cybersecurity Defenses

New York financial regulators are considering tougher cybersecurity requirements for banks to mandate more complex computer sign-ins and certifications from the contractors of their cyberdefenses, the state’s top regulator said Wednesday.

They already are revamping regular examinations of banks and insurance companies by adding targeted assessments of barriers against hackers, Department of Financial Services Superintendent Ben Lawsky said.

He said he was “deeply worried” that within the next decade, or sooner, there will be “a major cyberattack aimed at the financial system” that could create a run or panic that spills over into the broader economy.

“At DFS, we believe that cybersecurity is likely the most important issue we will face in 2015 and perhaps for many years to come after that,” Lawsky said in an address at Columbia Law School. Internet architecture has grown up with usernames and passwords to verify identities, but all companies now should be moving toward “a multi-factor authentication system” with an additional layer of security, he said.

That could be, for example, a randomly generated second password immediately sent to users’ cellphones when they log in and is then needed for computer system access, Lawsky said. “As a result, if someone steals or guesses your password, they would not be able to get into the system unless they also have your cellphone,” he saaid.

The Department of Financial Services regulates more than 250 banks. Proposed regulations on cybersecurity should be issued in the coming weeks, spokesman Matt Anderson said.

This article appeared in print on page 5 of the February 26th, 2015 edition of Hamodia.