• Elisabeth Buscemi

NYDFS Ransomware Guidance: “We Must All Do Our Part”

The New York Department of Financial Services has issued new guidance regarding ransomware attack mitigation. The state regulator identified seven measures financial industries can take to avoid a successful attack on their data.

These measures include employee cybersecurity awareness training, vulnerability and patch management, multi-factor authentication, segregation and testing of backups of critical systems, utilizing monitoring and response programs, and ransomware incident response planning. The notice includes a recommendation to avoid making ransom payments.

The guidance comes as ransomware incidents grow more frequent and criminal groups launch increasingly sophisticated attacks. The regulator cited a report that ransomware incidents increased 300% in 2020.


NYDFS Superintendent Linda Lacewell stated that “implementing cybersecurity measures is critical to protect consumers and business lines.” She also urged the finance industry to do their utmost to stay protected in the face of the bombardment, stating that the sector could be destabilized by continued ransomware attacks.