‘The next great financial crisis could come from a cyber attack’ says DFS report
- Published: Tuesday, 11 May 2021 07:46
The New York State Department of Financial Services (DFS) has issued a report into the SolarWinds cyber attack, saying that the incident shows that a cyber attack could be the root cause of the ‘next great financial crisis’.
The report published the results of the DFS’s investigation into the New York financial services industry’s response to the SolarWinds attack, where hackers corrupted routine software updates that were downloaded onto thousands of organizations’ information systems.
“This incident confirms that the next great financial crisis could come from a cyber attack,” said Superintendent of Financial Services Linda A. Lacewell. “Seeing hackers get access to thousands of organizations in one stroke underscores that cyber attacks threaten not just individual companies but also the stability of the financial industry as a whole.”
The report summarizes the SolarWinds attack, the response by DFS-regulated companies, and key measures to prevent or mitigate against future supply chain attacks.
The Department found that DFS-regulated companies generally responded quickly. 94 percent of the reporting companies removed the vulnerabilities from their IT systems within three days of the SolarWinds attack’s announcement. However, the DFS also found that some companies were not applying patches as regularly as needed to ensure timely remediation of high-risk cyber exposure.
In the report, DFS identifies the following cyber security measures as critical practices:
- Fully assess and address third party risk.
- Adopt a zero trust approach and implement multiple layers of security.
- Timely address vulnerabilities through patch deployment, testing, and validation.
- Address supply chain compromise in incident response plans.
Read the report (PDF).