Page 176 - Cyber Defense eMagazine December 2023

The Digital Operational Resilience Act (DORA): A Beacon of Hope

            In response to the havoc wreaked by cyber thieves, a new regulatory framework out of the European
            Union (EU) aims to deliver financial institutions some much-needed peace of mind. Dubbed DORA for
            short, the Digital Operational Resilience Act explores ways to bolster the standards of digital resilience
            frameworks, with a particular focus on the way companies document cybersecurity incidents and manage
            third-party risks associated with information and communication technologies (ICT).

            Officially adopted by the European Council last November, DORA urges organizations to implement
            comprehensive strategies to identify and effectively mitigate vulnerabilities. The legislation also stresses
            the significance of ICT incident reporting and advocates for the prompt reporting of cybersecurity
            incidents to allow for swift responses and containment measures.

            DORA additionally mandates digital operational resiliency testing be conducted to ensure that systems
            have the appropriate security mechanisms in place to withstand cyberattacks and operational disruptions.
            Collaborative efforts in information and intelligence sharing are highly encouraged, as collective threat
            intelligence is a potent weapon in the battle against cyber adversaries.

            Finally, ICT third-party risk management is a non-negotiable under DORA. As such, third-party providers
            must adhere to the same stringent cybersecurity standards as financial institutions to safeguard the
            integrity of the entire ecosystem.



            An International Standard

            Intent on becoming the global benchmark for operational resilience in the financial services industry,
            DORA has implications that extend far beyond Europe, addressing major challenges financial institutions
            face in protecting critical data and services for consumers around the world. The need for enhanced
            resilience is especially relevant in light of incidents such as the SolarWinds breach, which exploited
            vulnerabilities in third-party software. With its comprehensive approach to cybersecurity, DORA
            underscores the vital need for increased scrutiny of external partners.





            Best Practices for Resilience


            Along with the EU Cybersecurity Act, Cyber Resilience Act, NIS 2 and General Data Protection
            Regulation (GDPR), DORA is one of many upcoming EU measures designed to enhance the security
            and stability of operations in the financial services sector. But legislation alone will not guarantee the end
            of cybercrime as we know it. To minimize exposure to cybersecurity risks, financial institutions can adopt
            these best practices:









            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.