‘Next great financial crisis could come from a cyberattack’: DFS report on SolarWinds attack

New York News

FILE – This Tuesday, Aug. 4, 2009, file photo shows the United States Chamber of Commerce building in Washington. Elite cyber spies have spent months secretly exploiting SolarWinds software to peer into computer networks, putting many of the company’s highest-profile customers in national governments, including the U.S. Treasury and Commerce departments, and Fortune 500 companies on high alert. (AP Photo/Manuel Balce Ceneta, File)

ALABNY, N.Y. (WWTI) — The New York State Department of Financial Services released a report on Tuesday regarding the investigation of the New York’s financial services industry’s response to the supply chain attack of the information technology company SolarWinds.

According to the DFS, during the “SolarWinds Attack” detailed in the report, hackers corrupted routine software updates that were downloaded onto thousands of organizations’ information systems.

“This incident confirms that the next great financial crisis could come from a cyberattack,” said Department of Financial Services Superintendent Linda A. Lacewell. “Seeing hackers get access to thousands of organizations in one stroke underscores that cyberattacks threaten not just individual companies but also the stability of the financial industry as a whole.”

The report released on April 27 by the DFS summarizes the SolarWinds Attack, the response by the DFS-regulated companies, and measure to prevent or mitigate future supply chain attacks.

The Department confirmed that DFS-regulated companies generally responded quickly; providing the following example:

94% of the reporting companies removed the vulnerabilities from their IT systems within three days of the SolarWinds Attack’s announcement.

New York State Department of Financial Services report on SolarWinds Attack

However, the DFS also found that some companies were not applying patches as regularly as needed. The Department identified the following measures to implement as “critical practices:”

  • Fully assess and address third party risk
  • Adopt a “zero trust” approach and implement multiple layers of security
  • Timely address vulnerabilities through patch deployment, testing and validation
  • Address supply chain compromise in incident response plans

A copy of the full report can be found on the DFS website.

The New York State Department of Financial Services “first-in-the-nation” Cybersecurity Regulation officially took effect March 2017.

Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Download our news app

App Store Link
Google Play Link

Latest PODCAST episode

More PODCAST: On the Story with Trishna Begam
HOW TO MAKE NEWS10 YOUR HOMEPAGE_1280X720
CHECK OUT OUR NEW APP FEATURES

Click Below to set up your cable box

Latest COVID-19 News

More COVID-19

Cuomo Under Fire News

More Cuomo Under Fire