Secuzine

Understanding The EU’s Mandate For Threat-Informed Penetration Testing

The International Monetary Fund (IMF) reports that nearly one-fifth of the cyber incidents recorded over the past two decades hit the financial sector, causing direct losses of about $12 billion. In response, the European Union (EU) has adopted the Digital Operational Resilience Act (DORA), which applies from January 17, 2025. Financial entities in the EU must comply with its ICT risk-management rules, which include Threat-Led Penetration Testing (TLPT) for the entities that competent authorities identify for it, carried out at least every three years against live production systems. TLPT simulates the campaigns of the threat actors most likely to target the organization, so it measures not only whether an attacker can get in but whether the defenders notice and respond. The findings then drive remediation of the attack paths that were actually exercised, rather than of a generic vulnerability list.

To meet the TLPT requirement, financial institutions must first understand the specific threats they face. This starts with profiling the organization itself: its sector, the regions it operates in, and its risk profile, derived from the critical functions and assets in its own infrastructure and in the infrastructure of the partners and ICT third-party providers it depends on. The next step is identifying the threat actors likely to target such an organization and the tactics, techniques, and procedures (TTPs) they use. Mapping those TTPs onto a framework such as MITRE ATT&CK gives the organization a matrix that correlates its exposed assets and existing detections with the attack scenarios specific to its environment, and makes visible every technique a relevant actor uses that currently has no control or detection behind it.

Once the threat landscape is clearly defined, organizations can begin addressing these risks through Red and Purple Team exercises. Red Teaming simulates an end-to-end attack, based on the threat intelligence gathered, against the organization's critical functions in order to uncover exploitable weaknesses in its technology, processes, and people. The scenarios are tailored to the organization's profile and to the tactics of the specific threat actors identified. A Purple Team exercise brings the Red Team together with the Blue Team (the internal defenders) to execute and observe the same techniques in real time, so that each missed or late detection can be turned into a new or corrected rule and re-tested. Together these exercises show whether both the security controls and the surrounding business processes can quickly detect, contain, and recover from the attacks the organization is most likely to face.
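The two steps above, mapping actor TTPs to detection coverage and then scoring a purple team run against that map, are mechanical enough to script. The following is an added example, not code from the article or from any DORA or TIBER-EU framework. The technique IDs are real MITRE ATT&CK IDs, but the two actor profiles, the coverage states, the exercise log and the alerts are constructed sample data, and the scoring weights are an assumption chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data. The technique IDs are real MITRE ATT&CK IDs, but the
# two actor profiles, their TTP lists and the coverage states are assumptions
# made for this example, not data from the article or from any real report.
ACTOR_TTPS = {
    "actor-fin (financially motivated)": [
        "T1566.001", "T1204.002", "T1059.001", "T1078", "T1021.001", "T1486"],
    "actor-esp (espionage)": [
        "T1190", "T1078", "T1003.001", "T1021.002", "T1048.003"],
}

# Detection coverage per technique, as a purple team would record it:
# "tested"   = a detection exists and has fired during a previous exercise
# "untested" = a rule exists but has never been validated against the technique
# "none"     = no detection; techniques absent from this dict count as "none"
COVERAGE = {
    "T1566.001": "tested", "T1204.002": "untested", "T1059.001": "tested",
    "T1078": "none", "T1021.001": "untested", "T1486": "tested",
    "T1190": "none", "T1003.001": "untested", "T1021.002": "none",
}
GAP_WEIGHT = {"none": 3, "untested": 1, "tested": 0}  # assumed weighting


def gap_report(actor_ttps, coverage):
    """Rank techniques by how many relevant actors use them times how weak the
    current coverage is. Returns rows of (technique, state, actors, score),
    highest priority first; ties are broken by technique ID for stable output."""
    actors_by_technique = defaultdict(set)
    for actor, techniques in actor_ttps.items():
        for technique in techniques:
            actors_by_technique[technique].add(actor)
    rows = []
    for technique, actors in actors_by_technique.items():
        state = coverage.get(technique, "none")
        rows.append((technique, state, sorted(actors), len(actors) * GAP_WEIGHT[state]))
    rows.sort(key=lambda row: (-row[3], row[0]))
    return rows


def purple_team_scorecard(executed, alerts, window=timedelta(minutes=30)):
    """Match each technique the red team executed to the first SIEM alert for
    that technique raised within `window` after execution. Returns the
    detection rate, time-to-detect in seconds per detected technique, and the
    techniques that produced no timely alert (the input to the next gap report)."""
    time_to_detect, missed = {}, []
    for technique, ran_at in executed:
        hits = [a["time"] for a in alerts
                if a["technique"] == technique and ran_at <= a["time"] <= ran_at + window]
        if hits:
            time_to_detect[technique] = int((min(hits) - ran_at).total_seconds())
        else:
            missed.append(technique)
    rate = len(time_to_detect) / len(executed) if executed else 0.0
    return rate, time_to_detect, missed


def update_coverage(coverage, time_to_detect, missed):
    """Feed exercise results back into the coverage map: a timely alert
    upgrades the technique to 'tested'; a miss downgrades it to 'none' even if
    a rule nominally exists, since it did not fire on this actor's variant."""
    updated = dict(coverage)
    updated.update({t: "tested" for t in time_to_detect})
    updated.update({t: "none" for t in missed})
    return updated


# Constructed exercise log: what the red team ran and when, and the alerts the
# SIEM raised. Only techniques from the actor profiles above are used.
T0 = datetime(2025, 1, 20, 9, 0, 0)
EXECUTED = [
    ("T1566.001", T0),
    ("T1059.001", T0 + timedelta(minutes=5)),
    ("T1078", T0 + timedelta(minutes=12)),
    ("T1021.002", T0 + timedelta(minutes=20)),
]
ALERTS = [
    {"technique": "T1566.001", "time": T0 + timedelta(minutes=2), "rule": "Malicious attachment"},
    {"technique": "T1059.001", "time": T0 + timedelta(minutes=5, seconds=40), "rule": "Encoded PowerShell"},
    # Raised by a nightly batch job, hours after the lateral movement: too late to count.
    {"technique": "T1021.002", "time": T0 + timedelta(hours=3), "rule": "Admin share access"},
]

if __name__ == "__main__":
    for technique, state, actors, score in gap_report(ACTOR_TTPS, COVERAGE):
        print(f"{technique:<10} {state:<8} score={score} actors={', '.join(actors)}")
    rate, ttd, missed = purple_team_scorecard(EXECUTED, ALERTS)
    print(f"\ndetection rate {rate:.0%}, time-to-detect {ttd}, missed {missed}")
    print("\ntop gaps after the exercise:")
    for technique, state, actors, score in gap_report(ACTOR_TTPS, update_coverage(COVERAGE, ttd, missed))[:3]:
        print(f"{technique:<10} {state:<8} score={score}")
```

Two design choices matter here. Valid accounts (T1078) tops the gap report not because it is the most severe technique but because both relevant actors use it and nothing detects it; that is the threat-informed prioritization the TLPT scoping step is meant to produce. And the scorecard only credits alerts that arrive within the detection window, so the lateral-movement alert that a nightly job raises three hours later counts as a miss, which is the honest answer when the question is whether the Blue Team could have interrupted the attack.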

In addition to technical assessments, organizations must also test their people and processes through tabletop simulations. These exercises assess the ability of organizational stakeholders to respond effectively to a crisis, ensuring that incident response procedures are well-integrated into the overall business operations.

Beyond the point-in-time test, DORA also requires organizations to keep their resilience testing going as a programme of continuous improvement. Cyber threats evolve rapidly, and a threat-actor map that scoped last year's test goes stale as actors change their TTPs and tooling. This requires constant monitoring of the infrastructure for changes in composition or activity (new assets, new third-party connections, anomalous behaviour), regular testing to address newly introduced vulnerabilities, and refreshing the threat profile as actor TTPs and tooling evolve, so that each new exercise is scoped against the threats the organization faces now rather than the ones it faced at the last test.

In conclusion, DORA compliance is not only about meeting regulatory requirements but also about fostering a culture of continuous vigilance and improvement in cybersecurity practices. Through proactive testing, ongoing surveillance, and adaptive security strategies, financial institutions can enhance their resilience and defend against evolving cyber threats.