Intelligent CIO Africa Issue 87 | Page 48

FEATURE: CLOUD SECURITY
This means that the regulation impacts not only banks and other financial institutions, but also the technology firms that support them. For example, DORA will apply to a financial services firm regardless of whether they use a hyperscale cloud provider or a small fintech.
The purpose of DORA is to strengthen resilience to IT-related incidents by requiring organisations to focus on their digital resilience strategies and accompanying digital resilience frameworks.
This will mean that all financial services firms must prove they can withstand, respond to, and recover from all types of IT-related disruptions and threats.
The responsibility and accountability for institution-wide digital resilience will sit with CEOs and the executive committee, covering governance and organisation, IT risk management framework, ICT incident management, classification and reporting, digital operational resilience testing, third-party provider risk management, and information sharing.
Critical IT third party providers
Potentially the most challenging area will be achieving oversight of Critical IT Third Party Providers, CTTPs, such as network providers, cloud platforms, and data analytics services as well as financial services firms.

81% OF FINANCIAL SERVICE PROFESSIONALS FEAR AN ESCALATION IN CYBER-ATTACKS, DRIVEN BY UNSETTLED GEO-POLITICAL SITUATIONS.

DORA compliance aside, banking and financial services organisations need an approach that recognises the singularity of the sector’s challenges; one that supports change in three areas:
• Securing your multi-cloud to achieve better control, visibility and security across your cloud infrastructure.
• Securing your end users and data by establishing defences for your customer information and company data when your employees are working from anywhere.
• Improving your operational resilience by identifying security risks across your third-party interactions, internal infrastructure and defences.
Arrival of DORA
In addition, the arrival of the Digital Operational Resilience Act, DORA, will force organisations to seriously consider where they are with their security posture considering the consequences of non-compliance. DORA will apply to financial sector organisations operating in Europe from 17 January 2025.
Ongoing digital transformation, cloud acceleration and growing governance pressures are exacerbating security vulnerabilities within finance and banking – and each individual organisation will face unique additional issues on top of that.
By creating a clear picture of requirements first, and only then tailoring a cybersecurity solution, financial services organisations can move closer to the solution that will enable them to thrive securely.