Page 176 - Cyber Defense eMagazine December 2023
The Digital Operational Resilience Act (DORA): A Beacon of Hope
In response to the havoc wreaked by cyber thieves, a new regulatory framework out of the European Union (EU) aims to deliver financial institutions some much-needed peace of mind. Dubbed DORA for short, the Digital Operational Resilience Act explores ways to bolster the standards of digital resilience frameworks, with a particular focus on the way companies document cybersecurity incidents and manage third-party risks associated with information and communication technologies (ICT).
Officially adopted by the European Council last November, DORA urges organizations to implement comprehensive strategies to identify and effectively mitigate vulnerabilities. The legislation also stresses the significance of ICT incident reporting and advocates for the prompt reporting of cybersecurity incidents to allow for swift responses and containment measures.
DORA additionally mandates that digital operational resilience testing be conducted to ensure that systems have the appropriate security mechanisms in place to withstand cyberattacks and operational disruptions. Collaborative efforts in information and intelligence sharing are highly encouraged, as collective threat intelligence is a potent weapon in the battle against cyber adversaries.
Finally, ICT third-party risk management is non-negotiable under DORA. As such, third-party providers must adhere to the same stringent cybersecurity standards as financial institutions to safeguard the integrity of the entire ecosystem.
An International Standard
Intent on becoming the global benchmark for operational resilience in the financial services industry, DORA has implications that extend far beyond Europe, addressing major challenges financial institutions face in protecting critical data and services for consumers around the world. The need for enhanced resilience is especially relevant in light of incidents such as the SolarWinds breach, which exploited vulnerabilities in third-party software. With its comprehensive approach to cybersecurity, DORA underscores the vital need for increased scrutiny of external partners.
Best Practices for Resilience
Along with the EU Cybersecurity Act, Cyber Resilience Act, NIS 2 and General Data Protection Regulation (GDPR), DORA is one of many upcoming EU measures designed to enhance the security and stability of operations in the financial services sector. But legislation alone will not guarantee the end of cybercrime as we know it. To minimize exposure to cybersecurity risks, financial institutions can adopt these best practices:
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.