Financial Services Cyber Resilience and the New Normal

IBM Security, as a global leader of security services and software, has seen a unique change in the way organisations are facing the challenge of cyber resilience during the COVID-19 pandemic.

The societal, technological and employee challenges have come alongside increased pressures from regulatory bodies on firms to maintain “robust market surveillance” whilst unorthodox working arrangements are in place.

As a result, I have seen an increased interest from my clients in new controls to monitor their employees. These controls include the use of webcams to identify video recordings or pictures taken of screens and enhanced keystroke logging to highlight words or strings that may indicate suspicious or fraudulent behaviours.

This topic has caused debate and concern in the industry about balancing surveillance and employee privacy, especially as employees are now home-based.

Additionally, I have seen a re-calibration of existing monitoring and detection activities/capabilities to address the internal and external threats posed in the current climate. Below are some examples, linked to the NIST Cybersecurity Framework and based on my current experiences working with banks, insurers and financial service providers:

Identification

  • The detection of new applications or services (on premise or in the cloud) used to manage the increased workloads of employees working remotely, and of the expansion of shadow IT.
  • Scrutinising all externally facing services and infrastructure through increased vulnerability scanning of publicly facing IP addresses for any new vulnerabilities.
  • Reviewing existing SIEM and IDS/IPS deployment logic, use cases and rules, and updating false-positive logic so that it reflects the working patterns of the new business as usual.

Protection

  • Enforcing stronger use of two-factor authentication for all remote access accounts, for example Office 365 or business critical/sensitive applications.
  • Capturing, analysing and monitoring data from logs, network flows and user behaviour data to identify anomalies and to ensure data loss prevention activities remain focused.

Detection

  • Enhanced monitoring of privileged users and of how sensitive administration or business activities are performed, for example on large financial transaction systems such as SWIFT.
  • Increased monitoring of VPN activity: capturing and analysing logon anomalies, brute force attacks, credential stuffing or password spraying, and in particular access attempts from unfamiliar geographies or duplicate admin/user sessions.
  • Heightened tracking of phishing campaigns relating to COVID-19 from organised criminals and nation states. The protective measures used include enhanced email gateway monitoring, detailed analysis of web proxy logs including keyword searching and enriched usage of third-party threat intelligence data.
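
The VPN monitoring item above can be made concrete with a small detection pass over authentication events. This is an added example, not code from the original post or from IBM; the event tuple layout, the thresholds, the per-user country baseline and the country codes `XA`/`XB` are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample VPN events: (minute, user, source IP, country, result)
EVENTS = [
    (0, "alice", "198.51.100.7", "GB", "success"),
    (1, "bob",   "203.0.113.9",  "XA", "fail"),
    (2, "carol", "203.0.113.9",  "XA", "fail"),
    (3, "dave",  "203.0.113.9",  "XA", "fail"),
    (4, "erin",  "203.0.113.9",  "XA", "fail"),
    (5, "alice", "192.0.2.44",   "XB", "success"),
    (6, "bob",   "198.51.100.8", "GB", "success"),
]
# Assumed baseline of countries each user normally connects from
BASELINE = {"alice": {"GB"}, "bob": {"GB"}}

def detect(events, baseline, spray_users=4, window=10):
    """Return alerts for password spraying, unfamiliar geographies
    and duplicate sessions, in the order they are observed."""
    alerts = []
    fails = defaultdict(list)   # source IP -> [(minute, user)] failed logons
    sprayed = set()             # source IPs already alerted on
    active = {}                 # user -> source IP of the open session
    for t, user, ip, country, result in events:
        if result == "fail":
            fails[ip].append((t, user))
            # Spraying: one source failing against many distinct accounts
            recent = {u for ts, u in fails[ip] if t - ts <= window}
            if len(recent) >= spray_users and ip not in sprayed:
                sprayed.add(ip)
                alerts.append(("password_spray", ip, t))
        elif result == "success":
            known = baseline.get(user)
            if known is not None and country not in known:
                alerts.append(("unfamiliar_geo", user, t))
            # Second session from a different source while one is open
            if user in active and active[user] != ip:
                alerts.append(("duplicate_session", user, t))
            active[user] = ip
        elif result == "logout":
            active.pop(user, None)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print(alert)
```

In a SIEM the same three conditions would be expressed as correlation rules, with the window and account threshold tuned to the remote-working baseline described under Identification.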

Response

  • Recognition that both physical and virtual cyber crisis simulations must be a core component for all operational resilience activities.
  • The utilisation of Artificial Intelligence to engage quickly with customers as part of business continuity chatbot communications.

Recovery

  • Increased focus on validating the integrity of backups for legacy and critical systems, whilst considering the use of alternative storage mechanisms such as offline storage, due to an increased risk of ransomware.
  • The use of Blockchain to bring together multiple data points and bring insights for leadership teams to respond to a crisis with confidence.

The takeaway for security leaders is to ensure the fundamental security activities are as strong and mature as possible. A focus on combined operational resilience requirements alongside cyber resilience activities is a business imperative and not an option. You can learn more about how IBM is helping our clients build resiliency through AI and automation during the current pandemic.

IBM Associate Partner in Security Strategy, Risk & Compliance
