DORA – A step towards increased cybersecurity.
Amid the accelerating digitization and the constant changes in the digital landscape, the financial sector faces increased cyber threats and new challenges. It has become clear that there is a growing need to strengthen digital resilience to ensure business continuity, protect customer data, and maintain trust in the ecosystem at large.
In response to these challenges, the EU has introduced the Digital Operational Resilience Act (DORA), a set of regulations aimed at bolstering the digital resilience of the financial sector. DORA, coming into effect on January 25, 2025, requires financial institutions to implement structured risk management frameworks, establish efficient incident response plans, and report certain security incidents to supervisory authorities. This measure marks the EU’s decisive step towards a more robust and secure digital financial infrastructure.
Target Audience: The regulation primarily targets the financial sector, including banks, insurance companies, auditing firms, and other financial service providers. However, it also has a broader impact, as the stability and security of these institutions are crucial for the overall health of the economy.
Let's delve into five critical aspects of DORA:
1. Governance and Risk Management:
To be at the forefront, financial entities not only need to understand their current IT risks but also anticipate future ones. Having a well-documented risk management framework allows organizations to swiftly and effectively adapt their strategies based on changing conditions.
2. Incident Reporting:
As cyber threats evolve, it’s increasingly critical to promptly identify, handle, and report incidents. Having a robust early warning system results in faster actions, which can be the difference between a minor disruption and a major crisis.
Sweet has experience in proactively managing incidents. We have a well-functioning process for documenting and handling incidents in accordance with our ISO 27001 information security certification, and we suggest and help our clients implement the same method.
3. Testing of Digital Operational Resilience:
Continuous testing helps organizations detect weaknesses before they escalate into severe problems. It’s not just about identifying shortcomings but ensuring corrective actions are swiftly taken.
At Sweet, we regularly test different scenarios to identify risks and implement improvement measures. We also engage external security entities to conduct vulnerability and penetration tests to detect any gaps before they become problems.
4. Management of ICT Third-Party Risks:
In a world where services are often outsourced or delivered through cloud solutions, third-party risks become increasingly vital to manage. By understanding and monitoring these risks, organizations can ensure they aren’t vulnerable through their partners.
At Sweet, it’s a given that our partners maintain a high level of security, and we conduct regular audits to ensure compliance with our and our clients’ security requirements.
(ICT stands for “Information and Communication Technology” and encompasses all technologies used for handling and communicating information. When discussing ICT risks, we refer to potential threats and vulnerabilities that might impact these systems and the information they handle. Note that ICT risks are not solely technical; they can also be organizational, human, and process-driven. Effectively managing ICT risks requires a combined approach that encompasses technology, policies, procedures, and training.)
5. Information Sharing:
Knowledge is power. By sharing information about threats, techniques, and tactics, financial entities can benefit from collective intelligence, bolster their defenses, and proactively manage risks.
DORA marks a significant milestone in enhancing digital resilience in the financial sector. For IT departments, it presents an opportunity to scrutinize and strengthen their current processes, systems, and partnerships. By clearly addressing these aspects, the financial sector can ensure it’s prepared to face the digital challenges of the future.
Sweet Systems and Information Security:
At Sweet, we take security very seriously, not just to run a secure operation but to maintain and enhance the trust of our stakeholders. We’re proud to announce that we’ve been ISO 27001 certified for several years. This international standard for information security is a powerful testament to our commitment to ensuring that all our systems, services, and processes maintain the highest possible security standards. Our certification means we have undergone rigorous scrutiny of our security controls and continually strive to monitor, review, and enhance our IT security. For us at Sweet, it’s an honor to offer our customers products and services where security is never compromised.