The Digital Operational Resilience Act (DORA), a regulation of the European Union (EU), establishes a binding, comprehensive framework for ICT risk management in the EU financial sector. Financial entities and their critical third-party ICT service providers must have implemented the technical standards set out by DORA in their ICT systems by January 17, 2025, the date from which the regulation applies.
DORA applies to all financial entities in the EU. This includes both traditional financial institutions (such as banks, investment firms, and credit institutions) and non-traditional ones (such as crowdfunding platforms and crypto-asset service providers). Notably, some entities that are typically excluded from financial regulation are also covered by DORA.
To address regulatory-compliance and cybersecurity concerns, DORA and similar regulations place strong emphasis on operational resilience: the ability to deliver dependable and secure services to clients. Financial institutions are required to define the service levels, recovery times, and business-recovery methods that are acceptable for their operations. The regulations also require organizations to test their business-recovery procedures regularly and to submit test results demonstrating that the agreed SLAs have been met.
As part of the risk-assessment process, entities must conduct business impact analyses to determine how specific scenarios and significant disruptions would affect the firm. Organizations are also required to implement the appropriate cybersecurity safeguards. This is where modern cyber-resilience solutions come into the picture.
What is cyber resiliency?
Cyber resilience is part of operational resilience. It focuses on providing a proven plan for data protection and business continuity in the event of sophisticated cyberattacks or ransomware, including cases in which data has already been encrypted by ransomware.
The significance of a robust cyber-resilience strategy
According to the IBM Cost of a Data Breach Report 2023, the average cost of a data breach worldwide was USD 4.45 million. In the US the average was USD 9.48 million, the highest ever recorded. The report also found that businesses took 277 days on average (almost 9 months) to identify and contain a breach.
A solid cyber-resilience plan, which takes a holistic approach combining cybersecurity with data-protection and disaster-recovery techniques, helps organizations guard against disruptive cyber incidents and recover from them quickly.
As attacks grow more malicious and sophisticated, the tactics and strategies used to limit their impact must advance with them. Traditional recovery strategies, including conventional disaster-recovery systems, must adapt to these new scenarios, which calls for fresh thinking and collaboration between the disaster-recovery and security teams.
Cyber resilience also goes beyond the traditional resilience approaches of backup, high availability, and disaster recovery. Those techniques are essential and must be part of the overall resilience program, but because they are designed to keep data replicated with the minimum RPO (recovery point objective), they faithfully copy whatever is on the primary system, and so frequently replicate a ransomware attack to every environment they protect.
A cyber-resilient solution that can take over quickly without spreading the ransomware must therefore be treated as a separate leg of the stool, usually in a third environment. By thwarting attacks with a variety of techniques, cyber-resilient solutions can close security gaps and address compliance challenges.
Benefits of an isolated recovery environment
An isolated recovery environment in the cloud complements disaster recovery in a number of ways:
- It helps you adapt and configure the recovery procedure to the specific requirements of your applications. Complex recovery operations can be implemented that might not be possible with a traditional disaster-recovery solution.
- It provides additional control and freedom for thorough testing and validation, so you can check that your recovery processes actually work.
- It improves security according to your specific needs and helps with regulatory compliance.
IBM best practices for cyber-resilience
IBM infrastructure solutions help clients design and manage cyber resilience across a broad landscape, including hybrid cloud environments, while enabling compliance with key requirements of legislation such as DORA. IBM can integrate with your existing systems using both on-premises infrastructure and cloud-based resources. On-premises systems can be replicated to, and recovered in, a cloud-based recovery environment, giving a uniform and reliable recovery solution. This integration ensures that your entire infrastructure is protected and recoverable.
Best practices for IBM’s cyber-resilience include the following:
- Air-gapped backup copies, so that malware cannot spread to the backups
- Immutable storage, to prevent corruption and deletion of backups
- Tools for data purification, scanning, and testing in clean environments
- Response and recovery technologies using automation and orchestration
- Separation of duties
Faced with DORA requirements, IBM Cloud provides the base infrastructure with the flexibility to deliver reliable solutions that meet compliance criteria. With IBM Cloud Cyber Recovery, whether dedicated or consumed in a managed-as-a-service model, IBM can provide the expertise for a fully compliant cyber-resilient solution that is independent of the production environment.
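The two points above that matter most to a practitioner are easy to state and easy to get wrong: minimum-RPO replication copies an encrypted primary to every replica, and only an isolated copy with immutable (retention-locked) storage, checked for integrity and scanned before restore, survives that. The following toy model, added here as an illustration and not IBM code or any IBM Cloud Cyber Recovery API, plays that scenario through. The file contents, the attacker key, the entropy threshold of 7.5 bits per byte, and the `ImmutableVault` class with object-lock-style retention are all constructed assumptions for the example.

```python
"""Constructed example: why DR replication spreads ransomware and why an
isolated, immutable, scanned vault does not. Not IBM code."""
import hashlib
import math
from collections import Counter
from typing import Dict, Optional, Tuple


def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte. Text sits around 4-5;
    ciphertext of a few KB sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Cheap 'data purification' check: flag objects whose content is
    indistinguishable from random, as ransomware-encrypted files are.
    Threshold is an assumption tuned for multi-KB objects."""
    return shannon_entropy(data) > threshold


def ransomware_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for a ransomware payload: XOR with a SHA-256 keystream.
    Enough to make the output look random; not real cryptography."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def replicate(primary: Dict[str, bytes], replica: Dict[str, bytes]) -> None:
    """Minimum-RPO DR replication: the replica mirrors the primary whatever
    its content. This is exactly the property that spreads an attack."""
    replica.clear()
    replica.update(primary)


class ImmutableVault:
    """Isolated recovery environment with WORM-style retention: a snapshot
    can be neither altered nor deleted before its lock expires."""

    def __init__(self, retention: int):
        self.retention = retention          # seconds a snapshot stays locked
        self._snaps: Dict[int, Tuple[int, Dict[str, bytes], str]] = {}

    @staticmethod
    def _digest(files: Dict[str, bytes]) -> str:
        h = hashlib.sha256()
        for name in sorted(files):
            h.update(name.encode())
            h.update(files[name])
        return h.hexdigest()

    def take_snapshot(self, files: Dict[str, bytes], now: int) -> int:
        copy = {k: bytes(v) for k, v in files.items()}  # vault owns its copy
        self._snaps[now] = (now + self.retention, copy, self._digest(copy))
        return now

    def delete(self, snap_id: int, now: int) -> None:
        locked_until = self._snaps[snap_id][0]
        if now < locked_until:   # retention lock: even an admin cannot purge
            raise PermissionError(f"snapshot {snap_id} locked until {locked_until}")
        del self._snaps[snap_id]

    def latest_clean(self) -> Optional[Tuple[int, Dict[str, bytes]]]:
        """Scan newest-first; return the first snapshot whose integrity digest
        verifies and whose objects do not look encrypted."""
        for snap_id in sorted(self._snaps, reverse=True):
            _, files, digest = self._snaps[snap_id]
            if self._digest(files) != digest:
                continue                      # tampered or corrupted copy
            if any(looks_encrypted(b) for b in files.values()):
                continue                      # ransomware reached this copy
            return snap_id, files
        return None


def run_scenario() -> dict:
    # Constructed sample data standing in for production objects.
    ledger = b"2024-03-01 ACC-1023 EUR 1250.00 supplier invoice paid\n" * 80
    primary = {"ledger.csv": ledger, "notes.txt": b"month-end close checklist\n" * 150}
    replica: Dict[str, bytes] = {}
    vault = ImmutableVault(retention=30 * 86400)

    # Day 0: healthy state, replicated to DR and copied to the vault.
    replicate(primary, replica)
    clean_snap = vault.take_snapshot(primary, now=0)

    # Day 1: ransomware encrypts production; replication dutifully mirrors it,
    # and the scheduled vault copy also picks up the encrypted data.
    for name in list(primary):
        primary[name] = ransomware_encrypt(primary[name], b"attacker-key")
    replicate(primary, replica)
    vault.take_snapshot(primary, now=86400)

    # Attacker (or a compromised backup admin) tries to purge the clean copy.
    delete_refused = False
    try:
        vault.delete(clean_snap, now=86400)
    except PermissionError:
        delete_refused = True

    restored = vault.latest_clean()
    return {
        "replica_encrypted": all(looks_encrypted(b) for b in replica.values()),
        "delete_refused": delete_refused,
        "restored_from": restored[0] if restored else None,
        "restore_matches_original": bool(restored) and restored[1]["ledger.csv"] == ledger,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The model deliberately lets the vault receive an encrypted copy on day 1: what saves the restore is not that the vault was untouched, but that older snapshots were retention-locked and that the recovery path scans and verifies before choosing a restore point. Separation of duties is the organizational counterpart: in the model the retention lock is what stops a single compromised identity from both encrypting production and purging the vault.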
Learn more
By combining regular backup, disaster recovery, and an isolated recovery environment in IBM Cloud, businesses can build a highly customized, adaptable, and robust recovery solution. The isolated recovery environment adds further options for recovery, customization, security, integration, and compliance. This increases the overall effectiveness and control of the resilience strategy while ensuring compliance with, and support for, regulations like DORA. Together, these factors keep your organization's business running.