The Digital Operational Resilience Act (DORA) is an EU regulation designed to improve the security of financial entities’ information and communication technology (ICT).
The legislation aims to ensure the European financial sector can withstand severe digital disruption, which might result from concerted nation-state attacks. While DORA comes into full force on January 17, 2025, organizations should take steps to prepare in advance.
This robust regulation covers over twenty different types of financial organizations and third parties that provide information technology services to financial organizations. Although it is only legally binding in the EU, DORA is so comprehensive and far-reaching that its effects will be felt across the global financial sector.
Here are the key tools and processes to consider when preparing for compliance with three elements of the DORA legislation: risk management, incident management and reporting, and operational resilience testing.
Create a risk management framework
Building a risk management framework will help you to continuously manage exposure with a structured program. Adopt a Continuous Exposure Management (CEM) platform to map the entire attack surface, identify and prioritize the highest-risk vulnerabilities and threats, and mobilize action to combat the highest-priority exposures.
A CEM solution is a foundational part of your risk management framework and delivers integrated attack surface management, network security policy management, and vulnerability and threat management.
Visualize the attack surface
Use a Cyber Asset Attack Surface Management (CAASM) tool to compile and maintain a complete inventory of every asset.
The best solutions visualize the attack surface as a network model of the entire network, on-premise and in the cloud, including network routes and rules, firewall access, connections to the Internet, and partner networks.
Perform network risk assessments
Use a Network Security Policy Management (NSPM) solution to run risk assessments without directly impacting the live network. Adopt this approach to see the effects of network zoning or firewall access changes, run access and exposure analysis queries, and gain insights into security exposures and attack paths in a safe, sandboxed environment.
Prevent cyberattacks from spreading
Use the NSPM solution to analyze network routes and rules and instantly identify the relevant “kill switches” to isolate assets or network segments.
The best solutions will shut down access automatically should certain triggers suggest that an attack is in progress.
Respond to security vulnerabilities
Prepare for compliance using a Vulnerability and Threat Management (VTM) solution. Use a good VTM solution to prioritize the vulnerabilities that matter most to your business based on severity, exploitability, business asset importance, and exposure across the network.
Since it is impossible to patch all vulnerabilities immediately, look for a VTM solution that prescribes alternative controls, such as a firewall change or the application of an IPS signature that mitigates the risk until a patch can be deployed.
Learn from risks and evolve defenses
With so many separate sources of threat intelligence and scanning data, it is a challenge to understand how risks are evolving in the wild.
Get to a single source of truth by aggregating the scan data and threat intelligence results. This way your team can instantly see when and where a new vulnerability or threat could impact organizational resilience and what the most significant risks are to your organization.
This approach also makes it possible to assess exposure for assets that are air-gapped or cannot be scanned regularly without negatively impacting network and business performance.
Manage and report incidents
A fundamental prerequisite to reporting incidents accurately is a comprehensive understanding of the estate’s assets and their importance to the business. Prepare for compliance by building an asset inventory that records:
- Geographic location and ownership
- Importance to the business expressed in both relative and absolute monetary terms
- Compliance status
- Technical metadata such as operating systems, patches, and any vulnerabilities
Consider using Cyber Risk Quantification (CRQ) to express the cyber security risk for a given asset in quantitative financial terms to help with reporting direct and indirect loss and economic impact.
Test operational resilience
Using network modeling and visualization makes it easier to test operational resilience on an as-needed basis by testing the model rather than the live network. Look for solutions that help you run attack simulations and analyze attack paths between any two points across the network to understand how security controls protect vital assets.
Using a VTM solution, analyze the organization’s ability to withstand attacks using a risk-based approach that combines factors such as:
- CVE severity
- Exploitability in the wild
- Business asset importance
- Exposure to attack across the network
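To make the risk-based approach above concrete, together with the compensating-control idea from the vulnerability section, here is an added Python example (not from the page or from Skybox): it scores each finding on the four factors listed and suggests an interim control when no patch is available. The weights, asset names and CVE identifiers are constructed placeholders, not real data.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    business_importance: float  # 0-1, relative importance to the business
    internet_exposed: bool      # reachable from the Internet per the network model

@dataclass
class Finding:
    cve: str                    # placeholder identifier, not a real CVE
    asset: Asset
    cvss: float                 # CVE severity (base score, 0-10)
    exploited_in_wild: bool     # threat intelligence reports active exploitation
    patch_available: bool

def risk_score(f: Finding) -> float:
    """Combine severity, exploitability, asset importance and network exposure
    into one 0-100 score. Weights are illustrative assumptions."""
    severity = f.cvss / 10.0
    exploitability = 1.0 if f.exploited_in_wild else 0.4
    exposure = 1.0 if f.asset.internet_exposed else 0.5
    return round(100 * severity * exploitability * exposure * f.asset.business_importance, 1)

def compensating_control(f: Finding) -> str:
    """Prescribe an interim control when the patch cannot be deployed immediately."""
    if f.patch_available:
        return "deploy vendor patch"
    if f.asset.internet_exposed:
        return "restrict inbound firewall access to the service; apply IPS signature"
    return "apply IPS signature; schedule for next patch window"

def prioritize(findings):
    """Return findings ordered from highest to lowest risk score."""
    return sorted(findings, key=risk_score, reverse=True)

# Constructed sample estate: three hypothetical assets with one finding each.
PAYMENTS = Asset("payments-gateway", 0.9, True)
HR = Asset("hr-server", 0.6, False)
TESTBOX = Asset("dev-testbox", 0.2, False)
SAMPLE_FINDINGS = [
    Finding("CVE-0000-00001", TESTBOX, 9.8, True, True),
    Finding("CVE-0000-00002", HR, 6.5, False, True),
    Finding("CVE-0000-00003", PAYMENTS, 7.5, True, False),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{risk_score(f):5.1f}  {f.asset.name:18}  {f.cve}  -> {compensating_control(f)}")
```

Note that the highest CVSS score does not come first: the lower-severity, unpatched finding on the exposed, business-critical asset outranks it once exposure and importance are factored in.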
Conclusion
Implementing compliance with DORA’s requirements for risk management, incident management and reporting, and operational resilience testing is a substantial undertaking.
Continuous Exposure Management (CEM) technologies enable you to meet DORA regulations through:
- Modeling and visualization
- Attack surface management
- Network security policy management
- Vulnerability and threat management
- Attack simulation
- Attack path analysis
- Cyber risk quantification
Use a CEM platform (that combines attack surface management, network security policy management, and vulnerability and threat management solutions) to comply with DORA’s requirements and manage the organization’s operational cyber resilience. For more information on the challenges of DORA compliance, listen to Skybox in conversation with IT Pro in the “What DORA means for business” podcast.