{
    "id": 444,
    "date": "2024-05-17T11:54:42",
    "date_gmt": "2024-05-17T09:54:42",
    "guid": {
        "rendered": "https:\/\/techwize.io\/?p=444"
    },
    "modified": "2024-06-21T10:03:24",
    "modified_gmt": "2024-06-21T08:03:24",
    "slug": "dora-une-reponse-aux-cyberattaque-dans-le-secteur-financier",
    "status": "publish",
    "type": "post",
    "link": "https:\/\/techwize.io\/en\/dora-une-reponse-aux-cyberattaque-dans-le-secteur-financier\/",
    "title": {
        "rendered": "DORA: A response to Cyber Attacks in the financial sector."
    },
    "content": {
        "rendered": "<h2 class=\"wp-block-heading is-style-sub-heading has-24-font-size\" id=\"the-first-step-to-impeccable-financial-security\"><strong>The first step to impeccable Financial Security<\/strong><\/h2>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">When cyber security becomes a matter of survival, digital resilience is no longer an option but a necessity. Faced with an increasing number of sophisticated cyber attacks and security flaws (APIs, CI\/CD, software supply chain, bots, DDoS, Trojan horses, etc.), it has become an absolute necessity. The European Union&#8217;s DORA (Digital Operational Resilience Act) regulations, which came into force in January 2023, provide a crucial framework for strengthening this resilience. But complying with these standards is only the first step in protecting against cyber threats. To ensure true security and seamless business continuity, businesses need to go beyond mere regulatory requirements.<\/p>\n\n\n<h2 class=\"wp-block-heading is-style-sub-heading has-24-font-size\" id=\"general-framework-of-dora-regulations\"><strong>General framework of DORA regulations<\/strong><\/h2>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-473e247e098e568b1342397d408724ff\" id=\"doras-objective\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">DORA&#8217;s objective<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">The main objective of DORA is to strengthen the digital operational resilience of the financial sector. This means that all financial entities must be able to withstand, respond to and recover quickly from disruptions related to Information and Communication Technologies (ICT). 
Having entered into force on 16 January 2023, the regulation applies to all financial entities and critical ICT service providers from 17 January 2025.<\/p>\n\n\n<figure class=\"wp-block-image is-resized\" style=\"\"><img decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/01-XHaA72AljHMJKSHgkpQmlxzg2G_PwjwBLCxnJPrGdF0Ubl5N2bY8lIu3mLdizwkPVGHDcDmqDFPI6-amcJSdt2uutwf2yTh3LJpYm8F7U16YrSC-UMi1ubBOzUpdmBwyCnCR8j2tDV0n8Suk9NDw\" alt=\"Cronologie des Directives\" style=\"width:600px\"><\/figure>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-bd143e34aefe98e153ef58c92d59719d\" id=\"scope-and-applicability\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Scope and Applicability<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">DORA is primarily concerned with:<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Banks<\/li>\n\n\n\n<li>Insurance companies<\/li>\n\n\n\n<li>Asset management companies<\/li>\n\n\n\n<li>Exchanges and trading platforms<\/li>\n\n\n\n<li>Payment and settlement institutions<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">These regulations also apply to critical ICT service providers:<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Cloud service providers<\/li>\n\n\n\n<li>Software as a Service (SaaS) providers<\/li>\n\n\n\n<li>Companies providing data storage services<\/li>\n\n\n\n<li>Providers of critical IT infrastructure<\/li>\n\n\n\n<li>Payment and transaction processing service providers<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">The implications are far-reaching, affecting both large financial institutions and smaller businesses that depend on ICT for their critical operations.<\/p>\n\n\n<h2 class=\"wp-block-heading is-style-sub-heading has-24-font-size\" id=\"dora-key-requirements\"><strong>DORA 
Key Requirements<\/strong><\/h2>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-e69589041dd680bf1f03ebf9486a6d8c\" id=\"ict-risk-management\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">ICT Risk Management<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">ICT risk management is at the heart of DORA. Financial entities need to identify and assess potential ICT-related risks that could affect their operations or data security (data breaches, system failures, software incompatibility, third-party failures, compliance risks). This involves developing clear information security policies that define expectations, responsibilities and procedures for protecting digital assets.<\/p>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-0b8feb2a3221d70ab2830329244b1579\" id=\"security-controls\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Security Controls<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">DORA requires rigorous technical and organisational controls to be in place to prevent, detect and respond to security incidents. 
Companies must ensure that their systems are protected against cyber-attacks and other threats, and that they have processes in place to respond quickly and effectively in the event of an incident.<\/p>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-321f77c18bbab3141506cf4708cb29a2\" id=\"technical-controls\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Technical controls<\/u><\/h3>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Identifying, documenting and managing all ICT risks that could affect their financial services.<\/li>\n\n\n\n<li>Implementing robust security measures to protect data integrity, authenticity and confidentiality.<\/li>\n\n\n\n<li>Carrying out regular tests to assess the effectiveness of security measures and their ability to withstand different types of cyber-attack.<\/li>\n<\/ul>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-6b5bd0ab7c744bf8856db9178e9dd77d\" id=\"organisational-controls\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Organisational controls<\/u><\/h3>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Establishing clear governance with defined roles and responsibilities for ICT risk management.<\/li>\n\n\n\n<li>Providing ongoing staff training on ICT risks and security procedures.<\/li>\n\n\n\n<li>Developing action plans to respond quickly and effectively to security incidents.<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">These are onerous and time-consuming procedures, which is why companies are advised to adopt the right tools now!<\/p>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color 
has-text-color has-link-color has-18-font-size wp-elements-ace2cb97577308a4d89779a6e1b5a3c4\" id=\"training-and-awareness\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Training and awareness<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">Staff training and awareness-raising are essential for effective data protection. DORA asks financial entities to set up training programmes for staff that pass on best practice in ICT security.<\/p>\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized\" style=\"\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA-1024x576.png\" alt=\"sch&eacute;ma des attentes de DORA\" class=\"wp-image-449\" style=\"width:600px\" srcset=\"https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA-1024x576.png 1024w, https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA-300x169.png 300w, https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA-768x432.png 768w, https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA-1536x864.png 1536w, https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n<h2 class=\"wp-block-heading is-style-sub-heading has-24-font-size\" id=\"management-process-and-governance\"><strong>Management Process and Governance<\/strong><\/h2>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-b10ce03386438e7eceb7fca4df6ce707\" id=\"incident-management\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Incident 
Management<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">Entities subject to DORA must establish incident response plans to react quickly and effectively in the event of a security problem. These plans must include clear procedures for detecting, reporting and managing incidents, thereby minimising their impact on operations.<\/p>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-e2f4514c3d7d3c548b68711f2062faa0\" id=\"business-continuity\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Business Continuity<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">DORA stresses the importance of business continuity and disaster recovery plans. These plans should ensure that critical operations can continue even in the event of a major disruption, preserving the operational resilience of the business.<\/p>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-7f6ab98528450753f66e71e9f150b82c\" id=\"audit-and-review\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Audit and Review<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">Regular audits are essential to verify compliance with security policies and controls. 
Financial entities should also periodically review their processes to ensure they remain relevant in the face of evolving threats.<\/p>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-323a0fbccbd077820aee6e1ee021a721\" id=\"ict-governance\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">ICT governance<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">Appropriate ICT governance is crucial. DORA requires a strong commitment from senior management to support security initiatives and ensure that ICT risk management strategies are effectively implemented and monitored.<\/p>\n\n\n<h2 class=\"wp-block-heading is-style-sub-heading has-24-font-size\" id=\"monitoring-of-ict-service-providers\"><strong>Monitoring of ICT Service Providers<\/strong><\/h2>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-6653c4fb6d2a7b655626936036e9723a\" id=\"monitoring-mechanism\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Monitoring mechanism<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">DORA provides for the establishment of a mechanism for the direct supervision of critical ICT service providers at EU level. 
This means that businesses must ensure that their ICT service providers comply with the requirements of DORA, thereby strengthening the resilience of the financial sector as a whole.<\/p>\n\n\n<h3 class=\"wp-block-heading is-style-default has-primary-500-color has-text-color has-link-color has-18-font-size wp-elements-cde4a5ddfaf487d9b8b56784ed17abca\" id=\"provider-compliance\"><u style=\"--wp--custom--underline--style:solid\" class=\"has-text-underline is-underline-solid\">Provider Compliance<\/u><\/h3>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">Financial entities have a responsibility to ensure that their ICT service providers comply with the standards and requirements set out by DORA. This includes implementing controls to verify compliance and proactively managing the risks associated with external providers.<\/p>\n\n\n<h2 class=\"wp-block-heading is-style-sub-heading has-24-font-size\" id=\"associated-directive-eu-20222556\"><strong>Associated Directive (EU) 2022\/2556<\/strong><\/h2>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">In order to harmonise with the new provisions of DORA, <a href=\"https:\/\/legifrance.gouv.fr\/jorf\/id\/JORFTEXT000046928437\" target=\"_blank\" rel=\"noopener\">Directive (EU) 2022\/2556<\/a> amends several existing directives, (<a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/?uri=CELEX%3A32013L0036\" target=\"_blank\" rel=\"noopener\">CRD IV<\/a>, <a href=\"https:\/\/www.francenum.gouv.fr\/guides-et-conseils\/developpement-commercial\/solutions-de-paiement\/paiements-en-ligne\" target=\"_blank\" rel=\"noopener\">PSD2<\/a>, <a href=\"https:\/\/www.legifrance.gouv.fr\/jorf\/id\/JORFTEXT000042713431\" target=\"_blank\" rel=\"noopener\">BRRD<\/a>, <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/?uri=celex%3A32009L0138\" target=\"_blank\" rel=\"noopener\">Solvency 2<\/a>, <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32016L2341\" 
target=\"_blank\" rel=\"noopener\">IORP 2<\/a>, <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/?uri=celex%3A32014L0065\" target=\"_blank\" rel=\"noopener\">MiFID 2<\/a>, <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/?uri=celex%3A32011L0061\" target=\"_blank\" rel=\"noopener\">AIFM<\/a>). This harmonisation aims to ensure regulatory consistency and facilitate the integration of new requirements.<\/p>\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized\" style=\"\"><img decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA2-1024x576.png\" alt=\"Rappel date d'entr&eacute; en vigueur en de DORA\" class=\"wp-image-447\" style=\"width:600px\" srcset=\"https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA2-1024x576.png 1024w, https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA2-300x169.png 300w, https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA2-768x432.png 768w, https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA2-1536x864.png 1536w, https:\/\/techwize.io\/wp-content\/uploads\/2024\/05\/Visuel-acrticle-DORA2.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n<h2 class=\"wp-block-heading is-style-sub-heading has-24-font-size\" id=\"going-beyond-compliance-towards-sustainable-financial-security\">Going beyond Compliance: Towards Sustainable Financial Security<\/h2>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">The DORA regulation is the European Union&#8217;s response to the ICT threats facing the financial sector. Its aim is to raise security standards for businesses.<\/p>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">That&#8217;s why strict compliance with these directives is only the beginning of the journey towards enhanced digital security. 
Cyber attacks are agile and intelligent, defying boundaries and predictions. It is crucial to understand that regulatory compliance alone cannot guarantee robust security. An organisation&#8217;s exposure is amplified by the growing complexity of its infrastructure, whether on-premises or in the cloud.<\/p>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">It is imperative to use appropriate solutions and discuss them with cybersecurity experts to ensure highly effective protection. Organisations in the financial sector need to take immediate steps to strengthen their cyber security posture. To protect themselves, they can use specialised solutions targeting specific areas such as APIs, CI\/CD, WAF, IAM, DDoS protection, anti-bot, <a href=\"https:\/\/techwize.io\/en\/la-revolution-des-reseaux-de-diffusion-de-contenu-cdn\/\">CDNs<\/a> and <a href=\"https:\/\/techwize.io\/en\/gestion-financiere-des-kubernetes-une-solution-innovante-pour-optimiser-vos-couts\/\">Kubernetes<\/a>.<\/p>\n\n\n<p class=\"wp-block-paragraph wp-block-paragraph\" style=\"\">Neglecting to strengthen security exposes your business to serious risks, with potentially damaging reputational consequences. By adopting a preventative approach and continuing to improve security, your business can not only comply with regulations but also strengthen its resilience in the face of emerging threats. Only a continuous commitment to improving security can guarantee lasting protection over time.<\/p>",
        "protected": false
    },
    "excerpt": {
        "rendered": "<p>The first step to impeccable Financial Security When cyber security becomes a matter of survival, digital resilience is no longer an option but a necessity. Faced with an increasing number of sophisticated cyber attacks and security flaws (APIs, CI\/CD, software supply chain, bots, DDoS, Trojan horses, etc.), it has become an absolute necessity. The &hellip;<\/p>",
        "protected": false
    },
    "author": 2,
    "featured_media": 445,
    "comment_status": "closed",
    "ping_status": "open",
    "sticky": false,
    "template": "",
    "format": "standard",
    "meta": {
        "footnotes": ""
    },
    "categories": [
        70
    ],
    "tags": [],
    "class_list": [
        "post-444",
        "post",
        "type-post",
        "status-publish",
        "format-standard",
        "has-post-thumbnail",
        "hentry",
        "category-gouvernance"
    ],
    "_links": {
        "self": [
            {
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/posts\/444",
                "targetHints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        ],
        "collection": [
            {
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/posts"
            }
        ],
        "about": [
            {
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/types\/post"
            }
        ],
        "author": [
            {
                "embeddable": true,
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/users\/2"
            }
        ],
        "replies": [
            {
                "embeddable": true,
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/comments?post=444"
            }
        ],
        "version-history": [
            {
                "count": 11,
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/posts\/444\/revisions"
            }
        ],
        "predecessor-version": [
            {
                "id": 803,
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/posts\/444\/revisions\/803"
            }
        ],
        "wp:featuredmedia": [
            {
                "embeddable": true,
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/media\/445"
            }
        ],
        "wp:attachment": [
            {
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/media?parent=444"
            }
        ],
        "wp:term": [
            {
                "taxonomy": "category",
                "embeddable": true,
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/categories?post=444"
            },
            {
                "taxonomy": "post_tag",
                "embeddable": true,
                "href": "https:\/\/techwize.io\/en\/wp-json\/wp\/v2\/tags?post=444"
            }
        ],
        "curies": [
            {
                "name": "wp",
                "href": "https:\/\/api.w.org\/{rel}",
                "templated": true
            }
        ]
    }
}