Can Smaller Banks Comply with New York’s Proposed Cyber Security Rules?

Back to all articles

Can Smaller Banks Comply with New York’s Proposed Cyber Security Rules? 1

Back in September, 2016, the New York State Department of Financial Services proposed a set of cyber security rules aimed at improving security among financial institutions. If accepted, the proposed rules will make it mandatory for banks and other financial institutions, as well as insurance providers, to develop a cyber security plan, and appoint a CISO (Chief Information Security Officer), who would enforce that plan in case of a cyber security incident.

While the state’s intention with the proposal of these rules is to help protect financial institutions from cybercrime, with many of the affected organizations provisionally stating that they are in favor of them, there were many institutions that didn’t seem to welcome the new requirements. Smaller institutions were concerned that these requirements would become an unnecessary additional financial burden for them. However, there are solutions that could help make the implementation of these requirements more cost effective for all organizations, including the smaller providers of financial services.

Cybersecurity Programs and Policies at the Center of the Requirements

There are a few main areas encompassed in New York State’s Proposed Cybersecurity Requirements for Financial Services Companies:

  • Establishment of a Cybersecurity Program
  • Adoption of a Cybersecurity Policy
  • Designation of a CISO, (Chief Information Security Officer)
  • Third-Party Service Providers

There are some additional requirements for the cyber security programs that are supposed to include - among other things - written incident response plans for response to and recovery from cyber security events, and annual risk assessments of the integrity, confidentiality, and availability of information systems.

Incident Response Platforms

Though the proposed requirements appear to be too cumbersome, expensive, and difficult to implement for small financial institutions at first glance, there are affordable solutions on the market that can be adopted to address all the above cyber security rules. There are platforms providing an automated incident response and assist organizations in recovering from cyber security events quickly and efficiently. Incident response platforms are the most cost-effective solution that all regulated entities can adopt in order to adhere with the proposed requirements.

Such platforms are all-in-one solutions allowing for the identification of cyber risks and cyber security events, enabling recovery to normal operations, by performing automated forensics. Other capabilities include - determining the exact number of incidents that have occurred within a certain period of time and what has caused them. Additionally, there are incident response platforms capable of performing predictive analytics, allowing an organization to prioritize its response, resulting in reduced reaction time and significant financial savings.

Another important feature of an incident response platform is the ability to track digital evidence and create automated incident reports. They can be sent to an organization’s cyber security team.

Considering that every new state or federal requirement presents an additional burden for small banks and other financial services providers, these types of platforms are one of the rare solutions that will allow them to comply with those requirements without having to spend substantial amounts of money. These platforms automate the entire cybersecurity incident response and recovery process, effectively streamlining an organization’s cybersecurity plan in the most cost-effective manner.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request Your Live IncMan SOAR Demo.

DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.

Yes, I want a demo

DFLabs would like to stay in touch to provide you with marketing related content. By ticking the box you consent to receive educational, company and promotional information from DFLabs and accept DFLabs' Privacy Policy.

* Required fields