NYDFS offers sound best practices, in addition to its recently released Cyber Insurance Risk Framework, based on recent attack investigations that found repeated use of “the same handful of techniques.”
The increase in ransomware attack frequency and success has driven massive premium increases over the last two years and has put pressure on insurers to perform more rigorous assessments of insured organizations’ cybersecurity measures. New York’s DFS, in new guidance aimed specifically at the ransomware epidemic, seeks to help financial service organizations with security controls it believes can stop most ransomware attacks. These include:
- Email Filtering and Security Awareness Training – Both of these act as filters. The first is a technology that eliminates the obvious phishing emails. The second relies on the human element to recognize a phishing email for what it really is, stopping an attack before it starts.
- Vulnerability/Patch Management – DFS recommends orgs “identify, assess, track, and remediate vulnerabilities on all enterprise assets within their infrastructure.”
- Multi-Factor Authentication – MFA for remote access to the network and for all externally exposed enterprise and third-party applications is already required by 23 NYCRR § 500.12. The DFS recommends it for all privileged accounts as well.
- Disable RDP Access – This should be obvious by now, as RDP compromise is the primary attack vector in 59% of attacks.
- Password Management – Strong, unique passwords should be in use, privileged credentials should be vaulted, and password caching should be disabled.
- Privileged Access Management – Some form of least privilege should be implemented, and a periodic inventory of all privileged accounts should be maintained and audited.
- Monitoring and Response – The ability to monitor systems for intruders and respond to suspicious activity should be in place, along with EDR that can quarantine and potentially stop ransomware from executing.
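Three of the controls above (disabled RDP, no password caching, a privileged-account inventory) can be checked directly on a Windows host. The following read-only audit script is an added example written for this post; it is not part of the DFS guidance and DFS publishes no such script. It uses the standard Windows registry locations for the RDP and cached-logon settings; the approved-administrator list and the "zero cached logons" threshold are assumptions chosen for the example and should be replaced with your organization's own policy values. It expects Windows PowerShell 5.1 run from an elevated prompt.

```powershell
# Added example, not DFS-provided: read-only audit of RDP, cached logons and
# local Administrators membership against the ransomware controls listed above.
$findings = @()

# 1. RDP: fDenyTSConnections = 1 means Remote Desktop is disabled on this host.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($null -eq $rdp -or $rdp.fDenyTSConnections -ne 1) {
    $findings += 'RDP is enabled (fDenyTSConnections is not 1).'
}
# Independently confirm nothing is actually listening on the RDP port.
$listener = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    $findings += 'A process is listening on TCP/3389 even though RDP should be disabled.'
}

# 2. Password caching: CachedLogonsCount is the number of domain credentials
#    Windows keeps locally (default 10 when the value is absent). 0 disables caching.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogon = Get-ItemProperty -Path $winlogonKey -Name CachedLogonsCount -ErrorAction SilentlyContinue
$cached = if ($null -eq $winlogon) { 10 } else { [int]$winlogon.CachedLogonsCount }
if ($cached -gt 0) {
    $findings += "Cached domain logons allowed: $cached (this example expects 0)."
}

# 3. Privileged accounts: compare local Administrators against an approved list.
#    The approved list below is a constructed placeholder; load your real inventory instead.
$approvedAdmins = @("$env:COMPUTERNAME\Administrator")
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
foreach ($member in $admins) {
    if ($approvedAdmins -notcontains $member) {
        $findings += "Unexpected member of local Administrators: $member"
    }
}

# Report. A non-empty list is a deviation from the controls, not proof of compromise.
if ($findings.Count -eq 0) {
    'No findings: RDP disabled, no cached logons, Administrators membership as approved.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

The script deliberately changes nothing; it only reports deviations so the output can be fed into whatever ticketing or monitoring process the organization already uses for the Monitoring and Response control. Run it across a fleet (for example via a scheduled task or a configuration-management agent) and the Administrators check doubles as the periodic privileged-account inventory the guidance calls for.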