The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

NYDFS Tasks New Cybersecurity Division to Enforce Cybersecurity Regulation

by Chris Brook on Thursday May 23, 2019

Contact Us
Free Demo
Chat

With a new cybersecurity team dedicated to enforcing the department’s regulations under its wing, the New York Department of Financial Services (NYDFS) will grow even more vigilant of violations.

The New York Department of Financial Services appears to be doubling down on its commitment to cybersecurity. The NYDFS announced this week that a new unit within the department, the Cybersecurity Division, will focus on protecting consumers and industries from pervasive cyber threats.

The department said on Wednesday that the department is the first of its kind to be established at a banking or insurance regulator.

The news follows up a report last month that the NYDFS was combining two existing divisions within the department, the Enforcement and Financial Frauds division and the Consumer Protection division, to create a new group to address cybersecurity events and develop policy.

Based on NYDFS' description, it sounds like the new Cybersecurity Division will work in tandem with the division created last month.

According to the NYDFS, the Cybersecurity Division will enforce the department's cybersecurity regulations, including the department's landmark Cybersecurity Regulation (23 NYCRR 500) as well as advise on ongoing cybersecurity examinations, issue guidance on DFS’s cybersecurity regulations, and conduct cyber-related investigations in coordination with the Consumer Protection and Financial Enforcement Division.

“Increasingly today, counterterrorism is about cybersecurity, our biggest threat and our biggest challenge, and Justin’s extraordinary background as a prosecutor and cyber and economic crimes expert positions him well to lead this new division, bringing together DFS’s longstanding leadership in cybersecurity and cyber policy,” Acting DFS Superintendent Linda A. Lacewell said Wednesday. “As technology changes the financial services industry, regulation must evolve, and DFS is evolving to meet the challenges and opportunities of the new landscape, to protect consumers, safeguard the industry, and encourage innovation.”

The NYDFS brought on Justin Herring, the Chief of the Cybercrimes Unit for the U.S. Attorney for the District of New Jersey, to oversee the division.

Herring’s resume speaks for itself.

While a member of the U.S. Attorney’s Economic Crimes Unit, Herring oversaw the EDGAR hacking case, a case in which the US charged two individuals with breaking into the S.E.C.'s filing system to gain insider information. He also helped investigate a case involving SamSam, the now nearly infamous strain of ransomware that shutdown cities like Atlanta and Newark and hospitals in Los Angeles and Omaha, Nebraska, and caused more than $30 million in losses.

Previously, as a former Assistant U.S. Attorney and member of Baltimore's Major Crimes Unit, Herring prosecuted the administrator of the Silk Road website.

In addition to Herring’s expertise, it sounds as if the division is going to rely on experts from across the NYDFS to help break down the latest news on threats and trends to better protect the industry.

With NYDFS' cybersecurity regulation in full force and a new division designed to enforce it, it appears the department is dead set on ensuring its rigid rules are followed.

Tags: Industry Insights, Financial Services

Recommended Resources


  • An overview of the FFIEC CAT
  • How to use the CAT to identify areas of risk
  • How Digital Guardian helps reduce these risks
  • A compliance timeline for all 18 provisions
  • Financial services case studies
  • How Digital Guardian can help

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.