Even prior to the Covid-19 pandemic, security teams faced a real challenge in ensuring that their organisation’s infrastructure and overall digital environment were protected from perpetrators with malicious intent. These teams have had to constantly adapt to emerging threats, weaknesses and methods used by attackers, whilst maintaining a steady environment that allows the organisation to further its operations and extract value from technological investments.
Adopting proven cyber resilience methods
The pandemic has pushed organisations to digitise their operations; however, many face significant cybersecurity challenges. On their path to growth and innovation, organisations are introducing new and emerging technologies such as cloud, web and mobile tech, each of which brings its own heightened level of risk into the digital ecosystem. It is also important to consider risks related to the outsourcing of services and systems, driven by cost-effectiveness objectives, which reduces the organisation’s control over IT systems and endpoints. As a result, many digital ecosystems have now become boundless, enlarging the attack surface and, in turn, the risk.
It is therefore imperative that organisations, especially those operating within the financial sector, adopt proven cyber resilience methods and overall cybersecurity strategies to combat the constantly evolving and complex nature of the risks brought about by enabling a digital environment.
DORA (Digital Operational Resilience Act)
On the 11th of May 2022, the European Council and European Parliament reached a provisional agreement on the Digital Operational Resilience Act (DORA), which will make sure that the financial sector in Europe is able to maintain resilient operations when faced with a severe operational disruption.
The Act seeks to introduce guidelines and standards for financial services institutions to prepare for and effectively manage disruptions brought about by possible incidents such as hacking attempts, data breaches, disaster occurrences, and other events which may result in the loss or unauthorised release of confidential information. It does so through the adoption of five core principles:
- ICT risk management
- ICT-related incident reporting
- Digital operational resilience testing
- ICT third-party risk
- Information sharing
BDO can assist organisations in developing their IT & Cybersecurity strategy, incorporating digital resiliency within complex environments, through its holistic approach, cyber risk management, business continuity and incident management, and penetration testing methodologies. This allows your organisation to maintain a level of acceptable cyber risk and resiliency, whilst supporting evolving business processes.