In light of Russia’s recent military actions in Ukraine, the New York Department of Financial Services issued guidance on its cybersecurity and virtual currency regulations. The Department is specifically concerned about heightened risk for Russia’s cyberattacks against Ukraine, which could in turn lead to retaliatory attacks against U.S. critical infrastructure due to U.S. sanctions against Russia.

The Department clarified that regulated entities should comply with U.S. sanctions on Russia, but should take measures to mitigate potential security risks. The following includes some recommendations to mitigate increased cyber threats:

• Review cybersecurity programs with a particular eye on security hygiene measures, such as multi-factor authentication;
• Review, update and test incident response and business continuity planning;
• Implement practices not already in place in the Department’s June 2021 Ransomware Guidance;
• Conduct regular penetration testing to check ability to restore backups; and
• Provide additional cybersecurity awareness trainings and reminders for employees within the organization.

Putting it into Practice: Current world events serve as a reminder for why it is important for organizations to prioritize their cybersecurity programs and ensure that they take mitigation efforts to prevent the devastating effects of cyber-attacks.