Takeaways from NYDFS ransomware guidance

Following an examination of ransomware instances reported by regulated entities over the past 18 months, the NYDFS observed these incidents all followed a similar pattern: “Hackers enter a victim’s network, obtain administrator privileges once inside, and then use those elevated privileges to deploy ransomware, avoid security controls, steal data, and disable backups.”

Based on its findings, the NYDFS identified specific cyber-security measures it said all regulated entities should implement wherever possible. Those key measures are summarized below:

• Conduct recurrent anti-phishing training, “including how to spot, avoid, and report phishing attempts. Companies should also conduct periodic phishing exercises and test whether employees will click on attachments and embedded links in fake emails and remedial training for employees, as necessary.”
• Implement a vulnerability/patch management program to identify, assess, track, and remediate vulnerabilities on all enterprise assets within the infrastructure, including periodic penetration testing.
• Employ privileged access management to safeguard credentials for privileged accounts.
• Use multi-factor authentication and strong passwords—at least 16 characters—for all logins to privileged accounts, whether remote or internal.
• Monitor systems for intruders and respond to alerts of suspicious activity.
• Test and maintain backups that are segregated from the network and offline that will allow recovery in the event of a ransomware attack. Periodically test the backups by restoring critical systems from those backups.
• Have in place an incident response plan that explicitly addresses ransomware attacks. Make senior leadership part of the testing of that plan prior to any ransomware incident occurring.

“These controls, when implemented together, significantly reduce the risk of a successful ransomware attack,” stated the NYDFS.

The regulator, in its guidance, cited data shared by Secretary of Homeland Security Alejandro Mayorkas during a virtual event in May that the reported rate of ransomware attacks increased 300 percent in 2020.