Financial Services Cyber Resilience and the New Normal

IBM Security, as a global leader of security services and software, has seen a unique change in the way organisations are facing the challenge of cyber resilience during the COVID-19 pandemic.

The societal, technological and employee challenges have come alongside increased pressures from regulatory bodies on firms to maintain “robust market surveillance” whilst unorthodox working arrangements are in place.

As a result, I have seen an increased interest from my clients in new controls to monitor their employees. These controls include the use of webcams to identify video recordings or pictures taken of screens and enhanced keystroke logging to highlight words or strings that may indicate suspicious or fraudulent behaviours.

This topic has caused debate and concern in the industry about balancing surveillance and employee privacy, especially as employees are now home-based.

Additionally, I have seen a re-calibration of existing monitoring and detection activities/capabilities to address the internal and external threats posed in the current climate. Below are some examples, linked to the NIST Cybersecurity Framework and based on my current experiences working with banks, insurers and financial service providers:


  • The detection of new applications or services (on premise or in the cloud) used to manage the increased workloads of employees working remotely and the expansion of shadow IT.
  • Scrutinising all externally facing services and infrastructure through increased vulnerability scanning of publicly facing IP addresses for any new vulnerabilities.
  • Reviewing existing SIEM and IDS/IPS deployment logic, use cases and rules, and updating false-positive logic to reflect the new working patterns that are now business as usual.


  • Enforcing stronger use of two-factor authentication for all remote access accounts, e.g. Office 365 or business critical/sensitive applications.
  • Capturing, analysing and monitoring data from logs, network flows and user behaviour data to identify anomalies and to ensure data loss prevention activities remain focused.


  • Enhanced monitoring of privileged users and how sensitive administration or business activities are performed, e.g. large financial transaction systems such as SWIFT.
  • Increased monitoring of VPN activity – capturing and analysing logon anomalies, brute force attacks, credential stuffing or password spraying, in particular access attempts from unfamiliar geographies or duplicate admin/user sessions.
  • Heightened tracking of phishing campaigns relating to COVID-19 from organised criminals and nation states. The protective measures used include enhanced email gateway monitoring, detailed analysis of web proxy logs including keyword searching and enriched usage of third-party threat intelligence data.
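
The VPN monitoring described above, as an added example that is not part of the original post: Python detection logic run over constructed logon events. The log format, thresholds and per-user country baseline are assumptions, and a duplicate session is approximated as two successful logons by one user from different source IPs within 30 minutes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample VPN logon events: time, user, source IP, country, result.
SAMPLE_LOG = """\
2020-05-04T08:00:00,alice,198.51.100.7,GB,OK
2020-05-04T08:01:10,svc-admin,203.0.113.50,GB,FAIL
2020-05-04T08:01:12,alice,203.0.113.50,GB,FAIL
2020-05-04T08:01:15,bob,203.0.113.50,GB,FAIL
2020-05-04T08:01:19,carol,203.0.113.50,GB,FAIL
2020-05-04T08:05:00,bob,192.0.2.44,GB,FAIL
2020-05-04T08:05:03,bob,192.0.2.44,GB,FAIL
2020-05-04T08:05:06,bob,192.0.2.44,GB,FAIL
2020-05-04T08:05:09,bob,192.0.2.44,GB,FAIL
2020-05-04T08:05:12,bob,192.0.2.44,GB,FAIL
2020-05-04T08:20:00,alice,192.0.2.99,BR,OK
"""
BASELINE = {"alice": {"GB"}, "bob": {"GB"}}  # assumed: countries each user normally logs on from

def parse(log):
    for line in log.strip().splitlines():
        ts, user, ip, country, result = line.split(",")
        yield datetime.fromisoformat(ts), user, ip, country, result

def detect(log, baseline, window=timedelta(minutes=10),
           dup_window=timedelta(minutes=30), spray_users=4, brute_fails=5):
    alerts = set()
    fails = defaultdict(list)  # source IP -> [(time, user)] of recent failed logons
    last_ok = {}               # user -> (time, source IP) of latest successful logon
    for ts, user, ip, country, result in sorted(parse(log)):
        if result == "FAIL":
            recent = [(t, u) for t, u in fails[ip] if ts - t <= window] + [(ts, user)]
            fails[ip] = recent
            users = [u for _, u in recent]
            if len(set(users)) >= spray_users:    # one source, many accounts
                alerts.add(("password_spray", ip))
            if users.count(user) >= brute_fails:  # one source, one account, many tries
                alerts.add(("brute_force", ip, user))
            continue
        if country not in baseline.get(user, set()):
            alerts.add(("unfamiliar_geo", user, country))
        prev = last_ok.get(user)
        if prev and prev[1] != ip and ts - prev[0] <= dup_window:
            alerts.add(("duplicate_session", user, prev[1], ip))
        last_ok[user] = (ts, ip)
    return alerts

if __name__ == "__main__":
    print(sorted(detect(SAMPLE_LOG, BASELINE)))
```

Counting distinct accounts per source separates spraying from brute force, which matters because spraying stays under per-account lockout thresholds and is missed by rules that only count failures per user.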


  • Recognition that both physical and virtual cyber crisis simulations must be a core component for all operational resilience activities.
  • The utilisation of Artificial Intelligence to engage quickly with customers as part of business continuity chatbot communications.


  • Increased focus on validating the integrity of backups for legacy and critical systems whilst considering the use of alternative storage mechanisms, e.g. offline storage, due to an increased risk of ransomware.
  • The use of Blockchain to bring together multiple data points and bring insights for leadership teams to respond to a crisis with confidence.

The takeaway for security leaders is to ensure the fundamental security activities are as strong and mature as possible. A focus on combined operational resilience requirements alongside cyber resilience activities is a business imperative and not an option. You can learn more about how IBM is helping our clients build resiliency through AI and automation during the current pandemic.

IBM Associate Partner in Security Strategy, Risk & Compliance
