New York financial agency warns Ukraine invasion increases cyber risk

Russia’s invasion of Ukraine significantly increases cyber risk to the U.S. financial sector, which should fully comply with New York State Department of Financial Services cybersecurity regulations, the department said. in a warning issued last week.

Industry guidelines indicate that Russia’s ongoing cyberattacks on Ukraine could spill over and damage networks outside the country, as has happened in the past.

Escalating tensions also increase the risk that Russian threat actors will directly attack U.S. critical infrastructure in retaliation for sanctions or other U.S. government actions, the department said in its guidance.

The ministry said steps companies should take, in accordance with its cybersecurity regulations and subsequent guidance, include:

-Review programs to ensure full compliance, paying particular attention to basic cybersecurity hygiene measures.

– Review, update and test incident response and business continuity planning.

-Review and implement practices not already in place in the Department’s June 2021 Ransomware Guidelines.

-Reassess plans for maintaining essential services.

-Perform a comprehensive test of the ability to restore from backups.

-Provide additional cybersecurity awareness training.

The department also recommends that regulated entities follow guidance and alerts from the Federal Cybersecurity Infrastructure Security Agency and Information Sharing and Analysis Centers.