31 May 2021

NYDFS Issues Supply Chain Management Guidance

Sheppard, Mullin, Richter & Hampton LLP

Contributor

Liisa M. Thomas’s articles from Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • with Inhouse Counsel

The New York State Department of Financial Services recently issued recommendations to financial institutions in the aftermath of the SolarWinds cyberattack. In that attack, hackers inserted malware into SolarWinds software, which was then distributed to SolarWinds' customers (many of which were financial institutions). After discovery, SolarWinds released a series of hot fixes to address vulnerabilities in its software associated with the attack. Although NYDFS found that most companies responded quickly to patch the vulnerabilities, it identified additional steps to reduce supply chain risk:

  • Conduct proper due diligence on third-party service providers' potential cybersecurity risks, and include in vendor contracts (particularly those with critical vendors) provisions that ensure cybersecurity practices and cyber hygiene can be monitored, and that require immediate notice of any cyber event that could impact the company.
  • Assume any software from service providers might be compromised. Thus, authorize only as-needed access and monitor for malicious activity.
  • Have a vulnerability management program with patch rollback procedures to ensure timely patches.
  • Update incident response plans to address supply chain compromises.

As we have reported recently, NYDFS is actively enforcing the cybersecurity rules, and these recommendations can be read in the context of those rules.

Putting it Into Practice: These NYDFS cybersecurity recommendations highlight for financial services companies the expectations the department has of them with regard to supply-chain risk. Companies would be well-served to review their vendor management practices against these latest recommendations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
