This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
viewpoints
Welcome to Reed Smith's viewpoints — timely commentary from our lawyers on topics relevant to your business and wider industry. Browse to see the latest news and subscribe to receive updates on topics that matter to you, directly to your mailbox.
| less than a minute read

NY regulator releases guidance on preventing ransomware attacks

The FBI and other enforcement agencies discourage paying cybercriminals, in order to lower the financial incentive for the burgeoning illicit industry of ransomware attacks.  However, there are practical steps that organizations can take to strengthen their cybersecurity and technical defenses against hackers.  The New York State Department of Financial Services has provided a list of controls for companies to implement - and they are helpful to companies generally, not just to those in the financial industry.

Ransomware incidents have increased in frequency, scope, and sophistication. The reported rate of ransomware attacks increased 300% in 2020. Larger extortion payments have financed the development more effective hacking and ransomware tools and added more hackers to their ranks. The Department therefore joins the FBI in recommending that companies avoid making ransomware payments if their networks are compromised. DFS has examined the ransomware incidents reported by its regulated entities over the past year and a half and has observed that they follow a similar pattern: hackers enter a victim’s network, obtain administrator privileges once inside, and then use those elevated privileges to deploy ransomware, avoid security controls, steal data, and disable backups. DFS urges all regulated entities to prepare for a ransomware attack by implementing measures such as: Train Employees in Cybersecurity Awareness and Anti-Phishing; Implement a Vulnerability and Patch Management Program; Use Multi-Factor Authentication and Strong Passwords; Employ Privileged Access Management to Safeguar...

Tags

ransomware, cyber attack, data breach, data privacy, data protection, tech & data, cyber security

Latest Insights