loader
NYDFS' Cybersecurity and AI
"Artificial intelligence is neither good nor evil. It is a tool. What matters is how we use it."

The rapid integration of artificial intelligence (AI) into financial services has revolutionized the industry, helping institutions work more efficiently and make better decisions. However, as AI grows, so do cybersecurity risks. Recognizing this, the New York State Department of Financial Services (NYDFS) recently issued guidance addressing these challenges. This article explores the guidance and shares insights for NYDFS-regulated entities.

Rising Threat of AI-Enabled Cybersecurity Risks

AI is a double-edged sword in cybersecurity. While it enhances fraud detection and threat mitigation, it also creates vulnerabilities that cybercriminals can exploit. Common risks include:

  • AI-Enabled Social Engineering: Cybercriminals use AI to craft highly sophisticated phishing emails, voice impersonation, and deepfakes to trick employees and customers. (Read more about social engineering threats)
  • Targeted Cyberattacks: Hackers use machine learning algorithms to find weak spots in systems and get around defenses to execute attacks. (Explore AI-driven cyberattack trends)
  • Third-Party Dependencies: Many financial institutions rely on AI-driven  tools from third parties, increasing exposure to supply chain vulnerabilities. (Learn about third-party risks)

NYDFS Guidance on AI Cybersecurity Risks

NYDFS has urged regulated entities such as financial institutions to incorporate AI-related threats into their risk management plans. The key recommendations include:

1. Risk Assessments

  • Identify how AI tools handle sensitive data.
  • Assess AI systems regularly for weaknesses. 
  • Put controls in place to prevent misuse. 

2. Third-Party Management

  • Conducting rigorous due diligence on third-party AI vendors before working with them. 
  • Establishing contractual obligations for cybersecurity and incident reporting. 
  • Monitoring vendor systems for compliance and potential risks.

3. Robust Access Controls

  • Implementing multi-factor authentication for AI tools and data.
  • Limit access based on user roles.
  • Monitoring access logs for suspicious activities.

4. Employee Training and Awareness

Human error remains a leading cause of cybersecurity incidents: 

  • Teach staff on AI-related risks.
  • Training staff to recognize AI-enabled phishing and fraud tactics.
  • Simulating real-world scenarios to improve response to threats. 

How Systech MSP Can Help

As a trusted managed IT service provider, Systech MSP is uniquely positioned to help financial institutions navigate these challenges. Our services include:

  • Risk Assessment and Mitigation: We assess AI-driven systems to identify vulnerabilities and implement strategies to secure sensitive data.
  • Third-Party Vendor Management: Our experts helps vet and monitor AI vendors to meet NYDFS requirements.
  • Advanced Access Controls: From implementing multi-factor authentication to track system activity, we secure AI systems against unauthorized access.
  • Tailored Employee Training: We offer  customized training to educate your workforce on AI-related cybersecurity threats and best practices.

Staying Ahead of AI Cybersecurity Challenges

The integration of AI in financial services is inevitable, but so are the associated risks. By following NYDFS guidelines and implementing proactive steps, institutions can reduce risks and use AI safely. Systech MSP offers IT solutions that help your organization stay compliant and prepared in an evolving threat landscape.

Contact Systech MSP to learn more about securing your AI-driven operations and achieving NYDFS compliance.

CONTACT US