Insights

The New York Department of Financial Services (DFS) Cybersecurity Symposium on March 29, included a presentation entitled “Modernizing Cybersecurity Supervision,” presented by Assistant Deputy Superintendent William Peterson. The presentation outlined new efforts by DFS to revamp its supervision process to address modern cybersecurity challenges and to better evaluate how companies can prepare for and respond to attacks. Mr. Peterson identified several new tools to provide DFS with a more informative starting point, as well as create a more collaborative environment with covered entities. Security ratings are useful in settings like the DFS evaluations because they measure large pools of data. This data also gives an outside-in viewpoint, which will combine with an inside-out viewpoint collected via a questionnaire process called the Cybersecurity and Information Technology Baseline Risk Questionnaire (CIBRQ). DFS regulated entities will be required to periodically complete the new CIBRQ questionnaire tool. By combining traditional exam data and incorporating…

"My initial reaction was: 'they're doomed,'" cybersecurity expert Patrick Kelley, founder of Critical Path Security, said. Kelley said he was surprised to see funding for Atlanta Information Management drop since the 2018 ransomware attack, based on a report shared with the city's finance committee on March 30. "Most cybersecurity plans are built on a five-year maturity model," Kelley said. "We're not even four years after the recovery of the ransomware event that cost the city millions of dollars." Given limited resources, Kelley said local governments are already at a disadvantage compared to large corporations when it comes to technology funding. "They have to operate with the lowest amount of money that they can possibly get," Kelley said of the challenges, "And have to do the most that they can with it." Yet, he said resources and response time are critical. According to Kelley, it only takes five to six minutes…