
How banks are coping with New York’s cybersecurity rules




Multifactor authentication

The department's superintendent, Maria Vullo, spoke proudly of the new rules on the first compliance date. “This day marks a significant milestone in protecting the financial services industry and the consumers they serve from the threat of cyber-attacks,” she said in a press release. A spokesman for the agency offered no further comment.

The rules require institutions regulated by the department to use multifactor authentication to protect access to internal networks, “unless the covered entity’s CISO has approved in writing the use of reasonably equivalent or more secure access controls.”

This might sound simple — just require a one-time passcode or biometric in addition to user name and password when employees and customers log in. But it can be tricky in practice.

The large core banking system providers don’t all offer multifactor authentication, Tomita pointed out.

Beyond the core, applying multifactor authentication to other systems at a bank can be problematic, because “you have a mixed bag of environments out there where people have systems that don’t integrate well into multifactor,” Tomita said.

“Organizations I’ve talked to have no idea what they’re going to do,” he said. “Some people are going to have to complete forklift upgrades in order to make their networks compliant with multifactor authentication. That is a tremendous burden that I don’t think anybody looked at when they put this together.”

Al Pascual, senior vice president and research director at Javelin Strategy & Research, noted that hackers at this year’s Black Hat conference identified multifactor authentication as the most difficult control to circumvent.