TechSense Magazine #03

More documents

Recommendations

Info

TECHSENSE Magazine #03InformDORA:STRENGTHENINGTHE EU’S DIGITALRESILIENCEThe EU DORA Act stresses the importance of operational resiliencefor the continent’s digital future.The EU published its Digital Operational Resilience Act,otherwise known as DORA in the summer of 2022. The actis a regulatory initiative that covers both cybersecurityand operational resilience within the financial services industry.It is a piece of legislation that will impact all financial market suchas banks, management companies, investment firms, insurancecompanies, trading venues and crypto asset providers. The newlegislation highlights a key shift in focus within the EU whichrequires that firms can both demonstrate financial resilience andmaintain operational resilience should a severe incident occursuch as a cyberattack or systems failure.The term "digital transformation" has been rampant throughoutthe last two years and has been used to describe the new erafor finance and the way companies will be operating in thefuture. Whilst this presents firms within the financial servicesindustry with more opportunities for innovation, it also createsan environment of greater risk with regards to cybersecurity. Inorder to embrace this digital future, there are new compliancemeasures being introduced in the DORA act ensuring that firmswill be able to operate safely.These new measures are reflective of the fact the DORA act wascreated due to the assumption by the EU that most financial servicesfirms do not currently have the necessary level of capability toassess and analyze the quantitative impact of incidents. In orderto change this, the DORA act will see a greater focus on digitaloperational resilience testing by introducing new requirementsthat firms will be expected to have implemented by Q4 2024. Withinthis tight timeframe, firms will be required to show that they areable to conduct appropriate resilience and security tests on theirThe DORA act will see a greater focus on digitaloperational resilience testing by introducingnew requirements that firms will be expectedto have implemented by Q4 2024.George RalphGlobal Managing Director at RFA"critical ICT systems and applications" on an annual basis. As aresult of this, they will also need to be able to "fully address" anyvulnerabilities that are identified within their stress testing. Thiswill be expected to be carried out alongside the DORA businessimpact analysis requirement, which could see firms subject to asignificant level of supervisory scrutiny and a need to demonstrategreater accurate testing and scenario analysis capabilities.In order to move forward under the guidance of the DORA act,George Ralph, Global Managing Director at RFA outlines what firmsoperating in Luxembourg can do to ensure they are adhering toregulatory requirements and the law:"Firms should start by setting a framework for the next two years.They must take a holistic view of policies and procedures in orderto identify any shortfalls and understand where improvementscan and should be made. This will help them prepare for worsecase scenarios whilst understand where they can be continuouslylooking to maintain operational resilience. It goes without sayingthat firms should be investing in their cyber defense, monitoring andreporting systems. This can work best with an outsourced providerwho can provide firms with specialist support. This strategy canbe beneficial as it removes the financial and time burden that canbe placed on in house security teams. An outsourced provider canalso provide support as a company’s business scales without anadditional work burden on their internal team. Companies shouldbe implementing stress testing regularly to look for vulnerabilitiesin their network. Mitigating cyber risk is much more effective thanmanaging a cyberattack. Embracing the legal requirements set outin the DORA act will be vital for firms operating across Europe in thenext 24 months. It will be vital to a company’s survival in finance’sincreasingly digital future."08
InformTECHSENSE Magazine #03NavigatingTHE EVOLVINGTHREATLANDSCAPE| By Philippe Bovy |When it comes to the threat landscape,cyber criminals are growing in sophistication,and it’s no secret that businesses are battlingagainst increasing cyber-threats. It’s critical thatorganizations are able to identify these threatsand mitigate against them, without any disruptionto business continuity. Businesses in Luxembourgare facing the same challenge.— The Evolving Threat LandscapeExternal factors have a significant impact on cybercrime.Geopolitical events, such as the war in Ukraine, create anenvironment for cybercrime to thrive. Similarly, at the beginningof the pandemic, cybercrime soared by 600% as threat actorstook advantage of new vulnerabilities. The associated costs arebecoming astronomical. This is causing premiums to skyrocketas insurance companies struggle to cover the volume and costsof cyber-attacks. Cybercrime is estimated to increase in cost forcompanies to $10.5 trillion by 2025, which makes it even moreimportant for organizations to have the ability to respond at pace.— In light of this, what should the CISO’s toptwo priorities be?Priority One: Regulation & InsuranceRegulation sits far behind where we need to be to mitigate risk acrossall industries. Organizations need to go much further than meetingthe bare minimum. Especially in Luxembourg where the Supervisorof the Financial Sector (CSSF) highlighted the importance of abusiness continuity plan and the proper functioning and recovery ofbackups. The CSSF placed particular emphasis on the importanceof offline backups of the most essential systems and data.Insurance companies on the other hand are realizing that the gapis too big - hence the rise in cyber premiums. This is a problembecause a lot of businesses completely rely on insurance policiesto cover recovery costs against these kinds of attacks. Someinsurers are even withdrawing their policies altogether becauseof this. CISOs need to start thinking about how confident they arePhilippe BovyHead of Sales and Solutions at Kyndryl Luxembourgin their ability to recover and the financial implications they wouldface from prolonged downtime.Priority Two: Operational ResilienceResilience needs to become more proactive. Whether it’sgeopolitical, cyber, or environmental, businesses need to realizethat responsibility for the concentrated risk and operationalresilience lies with CISOs, IT Directors and Risk Officers, not withregulators and insurers.It begins with understanding where you are today. Where are thegaps and where do you want to get to? Investing in automatingand orchestrating recovery processes, enhancing recovery timeand recovery point objectives, while simultaneously mitigatinghuman error in restoring from backups should be a focus in allorganizations. Continuous testing and cyber simulation exercisescan support this, ensuring you have confidence in your ability toact and recover at pace when the worst happens.Proactive ActionTo effectively protect the future, we need to realize that regulationis lagging behind what it should be to mitigate risks. Insurancepolicies are shifting that risk and the responsibility is now backinto the hands of the CISO. In addition to this, organizations mustadopt a culture of operational resilience to survive the evolvingthreat landscape, which should be driven by the CISO.At the beginningof the pandemic,cybercrime soaredby600%as threat actors tookadvantage of newvulnerabilities.Cybercrime isestimated toincrease in cost forcompanies to$10.5trillion by 2025.09
Page 1 and 2: #03
Page 3 and 4: TECHSENSE Magazine #03EDITOChères
Page 5 and 6: EarnieAnimals of IndiaCréez l’ef
Page 10 and 11: TECHSENSE Magazine #03InformMobilit
Page 12: TECHSENSE Magazine #03InformSUSTAIN
Page 15 and 16: Intégrateur de solutions ICT - Tel
Page 17 and 18: InformTECHSENSE Magazine #03system
Page 20 and 21: 02Learn{ Verbe transitif }Acquérir
Page 22 and 23: gendaTECHSENSE Magazine #03LearnCyb
Page 24: TECHSENSE Magazine #03LearnTECH TRE
Page 27 and 28: LearnTECHSENSE Magazine #03IVENAppl
Page 29 and 30: LearnTECHSENSE Magazine #03APPERAPP
Page 32 and 33: TECHSENSE Magazine #03Learn— What
Page 34 and 35: TECHSENSE Magazine #03LearnPLATFORM
Page 36 and 37: TECHSENSE Magazine #03LearnZero-Tru
Page 38 and 39: 03Solve{ Verbe transitif }Trouver u
Page 40 and 41: TECHSENSE Magazine #03SolveESGANALY
Page 42 and 43: TECHSENSE Magazine #03SolveLa fin d
Page 44: TECHSENSE Magazine #03SolveData hun
Page 47 and 48: A day of challenges, learning and f
Page 49 and 50: SolveTECHSENSE Magazine #03OUD| By
Page 51 and 52: SolveTECHSENSE Magazine #03Which in
Page 53 and 54: AND YOU CAN BE PART OF IT!CIAM Plat
Page 55 and 56: NetworkTECHSENSE Magazine #03202255
Page 57 and 58:
NetworkTECHSENSE Magazine #03Organi
Page 59 and 60:
Multicloudas a ServiceWe simplifymu
show all

TechSense Magazine #03

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?