The New York State Department of Financial Services released a report on the SolarWinds attack. This is the financial regulator for the state, and they warned that the next financial crisis could come from an attack like this, where the incident hits many targets at once.
The regulator was the first in the US to set rules for protecting consumer information held by banks and financial institutions. In the wake of the incident, they are recommending the “zero trust” approach to security.
Why do we care?
This is a first step towards regulation, in my mind. The recommendations come out, and guidance will eventually become regulation. From the report: “The Department was created in 2011 as the merger of the former Banking and Insurance Departments ‘[t]o establish a modern system of regulation, rulemaking and adjudication’ responsive to the needs of the banking and insurance industries and New York consumers and residents.” So yes, this is a first step.
It’s also clearly a chorus – Zero Trust. Over and over again, the message is clear.