In view of Iran’s vows to retaliate against the United States for the death of Quassem Soleimani, the NYDFS has issued an industry letter to all regulated entities regarding the need for heightened cybersecurity precautions.

The letter notes that it “is particularly concerning that Iran has a history of launching cyber-attacks against the U.S. and the financial services industry,” citing 2012-2013 Iranian-sponsored cyber-attacks against several major U.S. banks. The letter also cites a June 2019 U.S. government advisory observing “a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies” using highly destructive attacks that delete or encrypt data.

The DFS letter calls for heightened vigilance against cyber-attacks and strongly recommends that regulated entities “ensure that all vulnerabilities are patched/remediated (especially publicly disclosed vulnerabilities), ensure that employees are adequately to deal with phishing attacks, fully implement multi-factor authentication, review and update disaster recovery plans, and respond quickly to further alerts from the government or other reliable sources. It is particularly important to make sure that any alerts or incidents are responded to promptly even outside of regular business hours – Iranian hackers are known to prefer attacking over the weekends and at night precisely because they know that weekday staff may not be available to respond immediately.”

Regulated entities are also directed to promptly notify DFS of any “significant or noteworthy cyber-attack,” noting that DFS’s cyber regulation requires notification as soon as possible but in no event later than 72 hours after a “material cybersecurity event.”