
The New York State Department of Financial Services (DFS) has issued a report on the SolarWinds cyber attack, saying that the incident shows that a cyber attack could be the root cause of the ‘next great financial crisis’.

The report presents the results of the DFS’s investigation into the New York financial services industry’s response to the SolarWinds attack, in which hackers corrupted routine software updates that were downloaded onto thousands of organizations’ information systems.

“This incident confirms that the next great financial crisis could come from a cyber attack,” said Superintendent of Financial Services Linda A. Lacewell. “Seeing hackers get access to thousands of organizations in one stroke underscores that cyber attacks threaten not just individual companies but also the stability of the financial industry as a whole.”

The report summarizes the SolarWinds attack, the response by DFS-regulated companies, and key measures to prevent or mitigate future supply chain attacks.

The Department found that DFS-regulated companies generally responded quickly: 94 percent of the reporting companies removed the vulnerabilities from their IT systems within three days of the SolarWinds attack’s announcement. However, the DFS also found that some companies were not applying patches as regularly as needed to ensure timely remediation of high-risk cyber exposure.

In the report, DFS identifies the following cyber security measures as critical practices:

  • Fully assess and address third party risk.
  • Adopt a zero trust approach and implement multiple layers of security.
  • Address vulnerabilities in a timely manner through patch deployment, testing, and validation.
  • Address supply chain compromise in incident response plans.

Read the report (PDF).
