Year: 2021

New York Department of Financial Services Issues Report on SolarWinds Cyberattack

Share

On April 15, 2021, the New York Department of Financial Services (NYDFS) issued a report on the recent SolarWinds cyberattack. A copy of the report is available here. NYDFS called the attack a “wake-up call” to regulated financial institutions and insurers that should cause them to immediately assess and, if necessary, improve their own cybersecurity posture in order to avoid victimization in future attacks.

NYDFS characterized the SolarWinds attack as a “widespread, sophisticated espionage campaign” by Russian foreign intelligence actors that resulted in “the most visible, widespread, and intrusive information technology supply chain attack” successfully completed to date. According to the report, the attack opened back doors into thousands of organizations around the United States and involved the theft of sensitive data from over 100 private sector companies, as well as at least nine federal agencies. NYDFS noted ominously that the attack highlighted the obvious “vulnerability to supply chain attacks” within the financial services industry.

Continue reading “New York Department of Financial Services Issues Report on SolarWinds Cyberattack”

New York Department of Financial Services and National Securities Corporation Agree to $3 Million Settlement in Cybersecurity Enforcement Action

Share

Earlier this month, the New York State Department of Financial Services (NYDFS) announced a settlement and consent order with National Securities Corporation (National Securities) for $3 million in connection with National Securities’ violations of NYDFS’s Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500).

National Securities sells life insurance, accident and health insurance, and variable life/variable annuities insurance. As part of its day-to-day operations, National Securities collects personal data from its customers.

Continue reading “New York Department of Financial Services and National Securities Corporation Agree to $3 Million Settlement in Cybersecurity Enforcement Action”

Faegre Drinker on Law and Technology Podcast: ‘Merging’ Mergers, Acquisitions and Cybersecurity

Share

Due diligence is at the heart of negotiating and finalizing any major deal, and parties’ cybersecurity practices have become a focal point in the M&A due diligence process. In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss and guests Paul Luehr and Dori Cain discuss the importance of cybersecurity due diligence in the mergers and acquisitions field, what criteria professionals evaluate in this process, and how “cybersecurity hygiene” can impact the deal-making process. The podcast covers a number of questions, including:

  • What does the cybersecurity due diligence aspect of a merger or acquisition look like? Why is “cyber diligence” so important in the deal-making process?
  • What insights or hard facts are cybersecurity professionals looking for when evaluating cybersecurity at the outset of the mergers and acquisition process? What “cyber hygiene” criteria should be assessed at every step of deal negotiations? Are there any common deal-breakers in this process?

The U.S. in the AI Era: the National Security Commission on Artificial Intelligence Releases Report Detailing Policy Recommendations

Share

On March 1, 2021, the National Security Commission on Artificial Intelligence (NSCAI) released its 700-page Final Report (the “Report”), which presents NSCAI’s recommendations for “winning the AI era” (The Report can be accessed here). This Report issues an urgent warning to President Biden and Congress: if the United States fails to significantly accelerate its understanding and use of AI technology, it will face unprecedented threats to its national security and economic stability. Specifically, the Report cautions that the United States “is not organizing or investing to win the technology competition against a committed competitor, nor is it prepared to defend against AI-enabled threats and rapidly adopt AI applications for national security purposes.”

In the Final Report, NSCAI makes a number of detailed policy recommendations “to advance the development of AI, machine learning, and associated technologies to comprehensively address the national security and defense needs of the United States.” The Report, its findings and recommendations all signal deep concern that the U.S. has underinvested in AI and must play catch-up in order to safeguard its future.

Continue reading “The U.S. in the AI Era: the National Security Commission on Artificial Intelligence Releases Report Detailing Policy Recommendations”

Faegre Drinker on Law and Technology Podcast: A Primer on Cybersecurity Frameworks

Share

ISO, NIST, CMMC — if the alphabet soup of cybersecurity frameworks has you confused, we’ve got you covered. In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss chats with guest Jim Watkins, former deputy laboratory director in the FBI’s Orange County Crime Lab and current certified technical assessor for the ANSI National Accreditation Board, about some of the more prominent cybersecurity frameworks, the process of cybersecurity assessments, how compliance issues are addressed, and what’s the difference between self-assessment, self-certification, and accreditation, and how a skilled attorney can make all the difference in getting accredited.

Continue reading “Faegre Drinker on Law and Technology Podcast: A Primer on Cybersecurity Frameworks”

New York Department of Financial Services Announces $1.5 Million Settlement of Second Cybersecurity Enforcement Action

Share

On March 3, 2021, the New York State Department of Financial Services (NYDFS) announced a settlement with Residential Mortgage Services, Inc. (RMS) for $1.5 million in connection with its violation of the NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500). This is the second publicly-announced settlement of an enforcement action brought under NYDFS’s novel cybersecurity regulation (we wrote about the first action).

According to the consent order, in March 2020, NYDFS’ Mortgage Banking Division commenced a routine examination of RMS, which included a review of its compliance with Part 500. RMS is headquartered in Maine, but it is registered as mortgage banker in New York and other states. During the examination, NYDFS determined that RMS failed to report a March 2019 data breach incident, as required by Part 500.

Continue reading “New York Department of Financial Services Announces $1.5 Million Settlement of Second Cybersecurity Enforcement Action”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy