Financial Services Cyber Resilience and the New Normal

Share this post:

IBM Security, as a global leader of security services and software, has seen a unique change in the way organisations are facing the challenge of cyber resilience during the COVID-19 pandemic.

The societal, technological and employee challenges have come alongside increased pressures from regulatory bodies on firms to maintain “robust market surveillance” whilst unorthodox working arrangements are in place.

As a result, I have seen an increased interest from my clients in new controls to monitor their employees. These controls include the use of webcams to identify video recordings or pictures taken of screens and enhanced keystroke logging to highlight words or strings that may indicate suspicious or fraudulent behaviours.

This topic has caused debate and concern in the industry on balancing surveillance and employee privacy, especially as they are now home based.

Additionally, I have seen a re-calibration of existing monitoring and detection activities/capabilities to address the internal and external threats posed in the current climate. Below are some examples, linked to the NIST Cybersecurity Framework and based on my current experiences working with banks, insurers and financial service providers:

Identification

• The detection of new applications or services (on premise or in the cloud) used to managed increased workloads of employees working remotely and the expansion of shadow IT.
• Scrutinising all externally facing services and infrastructure through increased vulnerability scanning of publically facing IP addresses for any new vulnerabilities.
• Reviewing existing SIEM and IDS/IPS deployment logic, use cases and rules, updating false-positive logic to reflect changes in new working patterns to reflect the new business as usual.

Protection

• Enforcing stronger use of two-factor authentication for all remote access accounts, i.e. Office 365 or business critical/sensitive applications.
• Capturing, analysing and monitoring data from logs, network flows and user behaviour data to identify anomalies and to ensure data loss prevention activities remain focused.

Detection

• Enhanced monitoring of privileged users and how sensitive administration or business activities are performed i.e. large financial transaction systems such as SWIFT.
• Increased monitoring of VPN activity – capturing and analysing logon anomalies, brute force attacks, credential stuffing or password spraying. In particular access attempts from unfamiliar geographies or duplicate admin/user sessions.
• Heightened tracking of phishing campaigns relating to COVID-19 from organised criminals and nation states. The protective measures used include enhanced email gateway monitoring, detailed analysis of web proxy logs including keyword searching and enriched usage of third-party threat intelligence data.

Response

• Recognition that both physical and virtual cyber crisis simulations must be a core component for all operational resilience activities.
• The utilisation of Artificial Intelligence to engage quickly with customers as part of business continuity chatbot communications.

Recovery

• Increased focus on validating the integrity of backups for legacy and critical systems whilst considering the use of alternative storage mechanisms i.e. offline storage, due to an increased risk of ransomware.
• The use of Blockchain to bring together multiple data points and bring insights for leadership teams to respond to a crisis with confidence.

The takeaway for security leaders is to ensure the fundamental security activities are as strong and mature as possible. A focus on combined operational resilience requirements alongside cyber resilience activities is a business imperative and not an option. You can learn more about how IBM is helping our clients build resiliency through AI and automation during the current pandemic.