One best practice missing from the New York State Department of Financial Services’ announcement of potentiabigstock-Stack-of-manilla-file-folders-30317660-1080x675l new cyber security regulation requirements for banks and insurers was the need to develop an approach to monitor internal threats, including the detection of anomalous conduct by employees.

The FBI, SEC, and others have identified dishonest acts by employees as one of the major causes of data security breaches.  In fact, it’s one of the areas audited under the FFIEC’s Cybersecurity Assessment Tool
Continue Reading Please Add Internal Threat Monitoring to NYDFS’s Cyber Security Requirements for Banks and Insurers