New York State Department of Financial Services Releases Report on SolarWinds Cyber Espionage Attack: Report Characterizes Attack as a “Wake-up” Call, Recommends Cybersecurity Measures for Financial Services Industry

Sullivan & Cromwell LLP - April 29, 2021

The New York Department of Financial Services released a report on the SolarWinds attack, identifying weaknesses it exposed, including the financial services industry’s vulnerability to “supply chain” attacks.  The Report identifies certain weaknesses in affected entities’ response to the attack.  The Report also recommends steps to reduce supply chain risk, including fully assessing and addressing third party risk, adopting a “zero trust” approach and multiple layers of security, addressing vulnerabilities in a timely manner through patch deployment, testing, and validation, and addressing supply chain compromise in incident response plans.

Subscribe to our Memos