MANAGING THE THIRD-PARTY BLINDSPOT FOR DORA
Andre Troskie, EMEA Field CISO at Veeam, says DORA compliance won’t prevent every threat but ensures you can prove readiness and recover swiftly from cyberattacks.
The financial services industry is no stranger to stringent regulation. Unlike other sectors that have scrambled to comply with legislation such as NIS2, FS organisations are comparatively diligent when it comes to data resilience and cybersecurity. Having operated under some of the strictest regulatory standards for some time, for most, DORA compliance should be manageable – for internal operations, that is.
Third parties are one of the biggest risks to FS organisations when it comes to DORA compliance.
Well prepared?
Despite the confidence that many FS organisations likely have in their ability to comply with DORA audits and reporting, they can’t afford to take their eyes off the ball. DORA compliance extends beyond internal procedures, covering third-party service providers as well. It’s here where most organisations risk tripping up in the initial stages of DORA enforcement. With consequences ranging from significant fines to brand and reputational damage, it’s an issue that organisations can’t afford to overlook.
Unlike other sectors that also have to comply with NIS2, financial services organisations by necessity are typically further ahead of the curve when it comes to regulatory compliance. For many, DORA’s requirements will have been about building on (and proving) the strength of the foundations already in place. The main focus on DORA for financial services will likely instead be on operational resilience testing, ensuring internal awareness of different scenarios and their risk impacts.
www.intelligentcio.com INTELLIGENTCIO EUROPE