Financial & Insurance
Department of Financial Services (DFS) Program
New York State has developed the first-in-the-nation cybersecurity regulation (NYDFS) to protect consumer data and financial systems from the ever-growing threat of cyber-attacks. Ohio is next to follow the DFS regulation as of November 2018. This regulation will require banks, insurance companies, and other financial services institutions regulated by DFS to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of the financial services industry. These regulations apply to any financial services company operating directly or indirectly.
Key requirements for DFS compliance include:
Establishment and maintenance of a cybersecurity program
Annual board reviews and approval of the program
Appointment of a CISO to oversee and enforce the program
Annual penetration test
Annual risk assessment
File an annual certification confirming regulation compliance
The HolistiCyber team is comprised of cybersecurity consultants with extensive private sector and Nation State-level cybersecurity expertise that will deliver a successful certification program to meet the DFS compliance regulations. Our experts have vast practical experience in cybersecurity defense as well as in-depth knowledge of the many regulations and compliance standards such as NIST, ISO, PCI DSS, FFIEC and more. The team is assigned in accordance with your company’s needs, budget and requirements, to assure that all the relevant technical, infrastructure, application and organizational issues related to the DFS compliance program are covered by the most skilled personnel.
HolistiCyber is committed to making the DFS compliance effort seamless and painless by utilizing its experts to effectively engage and overcome any cybersecurity issues. In addition, HolistiCyber can provide an expert consultant, if needed, to act as a virtual CISO to oversee and enforce cybersecurity policies and advise on the most suitable security controls for maintaining DFS compliance without the need to retain an expensive resource.
Prepare your financial institution for the next generation cyber attack
Cybersecurity threats to the financial sector have grown and diversified over the years. As key critical infrastructure of our economy, the financial services and banking sector is among the most lucrative targets for attackers looking to gain financially from their exploits. Financial institutions today are looking at cutting-edge methods and tools to stay ahead of their adversaries, who in turn aim to benefit from technological advances to improve their own game.
The financial sector faces various types of cyber threats today. The top 5 threats identified are web application attacks, new technologies, inadequate security, third party risk, and inside risk. Online banking, mobile apps and services, online trading, and other digital channels have all contributed to the increase in risk posed by potential cyber threats. In order to exploit a financial institution’s web applications and new technologies, hackers often look for known vulnerabilities within the applications and technologies, or may use stolen login credentials to access and take over an account. Alternatively, they can exploit vulnerabilities of third-party vendors to access the financial institution’s system.
HolistiCyber helps financial companies plan their defence against today’s threats by evaluating the company’s resilience posture, adjusting the defence plan, improving response time to incidents and offering response teams, providing real-time detection and monitoring of the system end to end, preparing for a mega attack with tabletop exercises, and much more. In other words, we offer a full set of cybersecurity services designed for your needs.