They already are revamping regular examinations of banks and insurance companies by adding targeted assessments of barriers against hackers, Department of Financial Services Superintendent Ben Lawsky said.
He said he was “deeply worried” that within the next decade, or sooner, there will be “a major cyberattack aimed at the financial system” that could create a run or panic that spills over into the broader economy.
“At DFS, we believe that cybersecurity is likely the most important issue we will face in 2015 and perhaps for many years to come after that,” Lawsky said in an address at Columbia Law School. Internet architecture has grown up with usernames and passwords to verify identities, but all companies now should be moving toward “a multi-factor authentication system” with an additional layer of security, he said.
That could be, for example, a randomly generated second password immediately sent to users’ cellphones when they log in and is then needed for computer system access, Lawsky said. “As a result, if someone steals or guesses your password, they would not be able to get into the system unless they also have your cellphone,” he saaid.
The Department of Financial Services regulates more than 250 banks. Proposed regulations on cybersecurity should be issued in the coming weeks, spokesman Matt Anderson said.