Skip to main content

NYDFS Tasks New Cybersecurity Division to Enforce Cybersecurity Regulation

by Chris Brook on Thursday May 23, 2019

Contact Us
Free Demo

With a new cybersecurity team dedicated to enforcing the department’s regulations under its wing, the New York Department of Financial Services (NYDFS) will grow even more vigilant of violations.

The New York Department of Financial Services appears to be doubling down on its commitment to cybersecurity. The NYDFS announced this week that a new unit within the department, the Cybersecurity Division, will focus on protecting consumers and industries from pervasive cyber threats.

The department said on Wednesday that the department is the first of its kind to be established at a banking or insurance regulator.

The news follows up a report last month that the NYDFS was combining two existing divisions within the department, the Enforcement and Financial Frauds division and the Consumer Protection division, to create a new group to address cybersecurity events and develop policy.

Based on NYDFS' description, it sounds like the new Cybersecurity Division will work in tandem with the division created last month.

According to the NYDFS, the Cybersecurity Division will enforce the department's cybersecurity regulations, including the department's landmark Cybersecurity Regulation (23 NYCRR 500) as well as advise on ongoing cybersecurity examinations, issue guidance on DFS’s cybersecurity regulations, and conduct cyber-related investigations in coordination with the Consumer Protection and Financial Enforcement Division.

“Increasingly today, counterterrorism is about cybersecurity, our biggest threat and our biggest challenge, and Justin’s extraordinary background as a prosecutor and cyber and economic crimes expert positions him well to lead this new division, bringing together DFS’s longstanding leadership in cybersecurity and cyber policy,” Acting DFS Superintendent Linda A. Lacewell said Wednesday. “As technology changes the financial services industry, regulation must evolve, and DFS is evolving to meet the challenges and opportunities of the new landscape, to protect consumers, safeguard the industry, and encourage innovation.”

The NYDFS brought on Justin Herring, the Chief of the Cybercrimes Unit for the U.S. Attorney for the District of New Jersey, to oversee the division.

Herring’s resume speaks for itself.

While a member of the U.S. Attorney’s Economic Crimes Unit, Herring oversaw the EDGAR hacking case, a case in which the US charged two individuals with breaking into the S.E.C.'s filing system to gain insider information. He also helped investigate a case involving SamSam, the now nearly infamous strain of ransomware that shutdown cities like Atlanta and Newark and hospitals in Los Angeles and Omaha, Nebraska, and caused more than $30 million in losses.

Previously, as a former Assistant U.S. Attorney and member of Baltimore's Major Crimes Unit, Herring prosecuted the administrator of the Silk Road website.

In addition to Herring’s expertise, it sounds as if the division is going to rely on experts from across the NYDFS to help break down the latest news on threats and trends to better protect the industry.

With NYDFS' cybersecurity regulation in full force and a new division designed to enforce it, it appears the department is dead set on ensuring its rigid rules are followed.

Tags:  Industry Insights Financial Services

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.