Thursday, December 19, 2024

FRANCE: 11:11 Systems Publishes Guidance on DORA Application: Key Considerations for the Financial Industry

PARIS, FRANCE, December 19, 2024 / EINPresswire.com / -- Today, Sean Tilley, EMEA Sales Director at managed infrastructure solutions provider 11:11 Systems, shared key considerations for financial institutions, which will be subject to the new Digital Operational Resilience Regulation (DORA) starting January 16, 2025. The financial sector is a target for cybercriminals, requiring stricter regulation to help it protect employee and customer data.

Recent research by Security Scorecard indicates that in 2023, 78% of European financial institutions experienced a data breach involving a third party, and 84% of financial organizations were affected by a data breach involving a fourth party. As a result, regulators and authorities are keen to strengthen financial institutions’ defenses against cyberattacks and other information and communications technology (ICT) incidents.

The upcoming Digital Operational Resilience Act (DORA), which is expected to take effect in January 2025, restructures data security regulation by requiring financial institutions to adopt an upstream and multifaceted approach to managing ICT risks. The regulation will introduce strict rules for protection, detection, containment, recovery and remediation in the event of cyber incidents or technological disruptions. DORA imposes a series of strict conditions on financial services companies, such as risk management, incident reporting, third-party risk management, digital operational resilience testing and threat intelligence sharing, in order to create the conditions for reliable digital resilience.

DORA aims to encourage and harmonise initiatives to improve operational resilience across the approximately 22,000 financial institutions based in the European Union. This legislation is not limited to banks, but also affects credit institutions, payment providers, insurance companies, investment firms, fund managers, pension funds, cryptocurrency services, third-party IT services, crowdfunding and much more. This new regulation helps lay the foundations for agile financial systems that are ready to face the digital threats of today and tomorrow.

Risks of non-compliance

Failure to comply with the new regulation exposes financial institutions to serious risks, including severe penalties similar to those applied under the GDPR. In addition, these penalties can accumulate in proportion to the number of days of delay, which can have a major financial impact and reflect poorly on organizations that do not take the required measures.

For example, in the event of a cyber incident, organizations must notify the authorities and affected parties within 72 hours. Otherwise, information about the incident is made public. In any case, it is essential that companies constantly monitor their IT environment to identify threats and breaches, and implement effective countermeasures. To do this, they must deploy advanced detection systems, maintain a comprehensive countermeasure plan, and precisely assess the vulnerabilities of the organization's systems. Without such oversight, organizations risk missing the early warning signs of an attack and failing to notify the appropriate authorities in time, which can further exacerbate the situation.

Choose expert partners to implement a comprehensive compliance framework

In terms of preparing for these new regulations, all organizations must conduct a thorough resilience and gap assessment. This helps measure the organization’s readiness for a cyber incident, as well as its ability to recover quickly. It requires a thorough assessment of key components, which may include the current state of the security infrastructure, incident response capabilities, and daily monitoring efforts. However, doing this while managing business operations can be challenging. Therefore, it is important to have specialists and external providers who can assess resilience capabilities. These third parties help companies create a true compliance roadmap, defining a clear plan for not only achieving compliance, but maintaining it. This plan prioritizes the projects that will have the greatest impact on the organization’s security posture and risk mitigation.

This process involves managing the time to be spent on various compliance projects, as well as highlighting the areas of cybersecurity that will have the most significant impact. By relying on a roadmap developed by experts, organizations are better able to allocate resources and prioritize the most pressing threats.

Continuous Monitoring and Lifecycle Management

Constant monitoring of risk factors is essential to maintaining a strong security posture, as this type of program can also be used to differentiate oneself from the competition.

Today, cyber threats are evolving rapidly, and to stay up to date it is essential to manage the lifecycle of IT systems, security protocols and risks diligently. Organizations must constantly reassess their compliance posture and adapt their processes. It is important to adopt a lifecycle management approach, namely understand, plan, test and repeat, to be prepared in the event of a cybersecurity incident and, more importantly, to quickly overcome dangerous situations and demonstrate the resilience that regulations such as DORA seek to establish.
