The new EU regulation DORA (Digital Operational Resilience Act) is expected to come into effect during 2022. DORA targets the financial sector and aims to boost cyber resilience and raise security standards within financial institutions.
If you already work within the financial sector, you may recognize a lot from existing legislation and regulations in the area. One of the main aims of DORA is to harmonize legislation within the EU and to establish a clearer foundation for financial stakeholders, making sure they remain resilient through severe operational disruptions. Even if your company is not directly affected, you might be interested to find out what the EU considers to be the relevant requirements for digital resilience.
The idea behind the regulation is to protect EU citizens by requiring all financial institutions to invest heavily in cyber resilience. This includes requirements on penetration testing, management systems, incident reporting, information sharing between institutions and, perhaps most importantly, third-party risk management.

Many of the requirements mapped out in DORA are things that we believe every organisation should consider if they want to ensure the security of their business and their customers. Third-party risk management is one of those requirements and tends to be neglected, even though it has played a vital role in many of the recent major cyber events, such as the Kaseya attack in 2021, which resulted in the temporary disruption of hundreds of Coop stores in Sweden.
Conducting cybersecurity due diligence when acquiring a new service can be crucial. When investing in a new service, it is important to make sure that it meets not only the functional requirements but also the security requirements. If not, every new service will bring additional security risk, and one of those risks could eventually lead to a disaster. It is therefore important to be thorough when acquiring a new service.
But the risk doesn't stop after procurement. As stated in DORA, if you want to minimize risk and maintain a good risk posture, you must keep monitoring the services for new vulnerabilities. There will always be new vulnerabilities, and the key is to detect them in time. The sooner you detect and patch, the more you reduce the risk of a potentially serious incident. Monitoring third-party risk is an essential part of any organization's security.
Recently, Paliscope helped a major bank manage its cyber supply chain risk, resulting in a measurable improvement. If you want to know how we can help you safeguard your organization against cyber threats, read more about our services here!
No need to worry about evidence documentation and report formatting. Paliscope Build automates all of that, keeping your cases structured, secure and easy to hand over.
Find what you are looking for with Paliscope Explore, enabling analysts and investigators to triage large amounts of data and dive deep into the findings.
Process all your data in one place, collaborate across teams, search for anything, and more.