Mike Admon – www.israelhayom.com

DORA compliance: How SOAR platforms offer a rapid path to implementation
https://www.israelhayom.com/2024/12/18/dora-compliance-how-soar-platforms-offer-a-rapid-path-to-implementation/
Wed, 18 Dec 2024 08:00:06 +0000


The Digital Operational Resilience Act (DORA) is an EU financial regulation for managing IT risks and security incidents, taking effect in January 2025, leaving less than two months for organizations to prepare. DORA regulations affect banks, insurance companies, investment firms, and information & communications technology (ICT) service providers.

Yet many financial companies haven't started getting ready for DORA, risking fines of up to €22 million or 2% of yearly income (whichever is higher). Banks can also lose their right to operate and face strict audits. Some organizations try to prepare for the upcoming changes manually, taking an unnecessary risk with their business. These days there are many tools that automate routine tasks, such as documenting incident details, and that don't cost an arm and a leg.

What are the requirements?

Financial institutions need to align with the following requirements:

1. Incident Management: Major incidents demand immediate action with a 2-hour reporting window, including initial assessment and senior management notification. Significant incidents allow 4 hours for the first report. Furthermore, DORA requires complete incident documentation covering root cause analysis, business impact, and corrective actions within a month.

2. Testing Schedule: Organizations must perform basic security testing annually, including vulnerability scans and configuration reviews. Advanced testing, involving network penetration and application security checks, must happen every 3 years. Large financial institutions require threat-led penetration testing (TLPT) on critical systems in the same 3-year cycle.

3. Recovery Standards: Critical functions demand a 2-hour recovery time objective (RTO), with a maximum 15-minute data loss window (RPO) for transaction and customer data systems. Full-service restoration, including customer access and data verification, must be completed within 4 hours.

4. Third-party Risk Controls: Annual service provider assessments examine security, financial health, and operational capabilities. Contract reviews occur every 3 years. Exit strategies require yearly testing, including backup provider readiness and data portability verification.

5. Documentation Requirements: Incident records require 5-year retention, encompassing all communications and response actions. Risk assessments and test results need 3-year storage, including methodologies, findings, and follow-up actions.

Looking at these strict timelines and requirements, it's clear that complying with DORA manually is nearly impossible.

How to Speed Up DORA Implementation

SOAR platforms are the fastest and most reliable option. Modern SOAR platforms can cut implementation times by 60–70% by partially or fully covering the aspects mentioned above.

In terms of Incident Management, SOAR platforms handle every aspect needed. They pick up and sort incidents automatically, notify management immediately, and keep track of those crucial 2-hour and 4-hour deadlines. Some modern SOAR systems can even connect directly with authorities for reporting, gather all needed documents, find root causes, and figure out business impacts – all on their own.

The Testing Schedule support is good but not complete. SOAR platforms can set up and track when tests need to happen, run basic security checks, and work with other scanning tools. They're great at documenting everything that happens during tests. But they can't do the heavy lifting of penetration testing or replace specialized security tests – that still needs human experts.

For Recovery Standards, SOAR platforms help but won't solve everything. They watch recovery happening in real-time and can get some systems back up automatically. They'll track how long recovery takes and how much data might be lost. But they can't physically fix broken systems or replace your backup setup.

Third-party Risk Controls get solid backing from SOAR platforms. They track contracts with IT providers, keep an eye on security risks using AI, schedule regular checkups, and watch how providers are doing day-to-day. They even help test backup plans automatically. The only thing they can't do is check if providers are financially healthy – that needs different tools.

Documentation Requirements? SOAR platforms have got this covered completely. Most of them create and store records automatically, keep everything in standard formats, and track how long to keep different documents. When auditors come knocking, finding records is quick and easy. Plus, they back everything up automatically and keep track of all security policies.

With January 2025 approaching fast, financial organizations must wrap up their DORA preparation, and manual preparation is not an option here, as it takes too long and risks missing critical points. Modern SOAR platforms are the best value for money when it comes to meeting the upcoming regulations in the short term without unnecessary risks.

While SOAR platforms can't handle everything – like penetration testing or financial health assessments – they effectively manage most DORA requirements. The choice is clear: either start DORA preparation now using automation tools or risk facing significant consequences in the near future.

Mike Admon is the CEO of Unipath (Finsec Innovation Lab's portfolio startup)

AI vs AI: Stepping forward carefully
https://www.israelhayom.com/2024/05/25/ai-vs-ai-stepping-forward-carefully/
Sat, 25 May 2024 09:50:25 +0000


With great AI power comes great AI responsibility. While the most revolutionary tool since the beginning of the Internet is intended to ease our lives, it also eases hackers' lives. The current challenges of security teams and decision-makers are both staying ahead of the AI-driven hackers and getting prepared for the next battle.

Over the last several years, we have witnessed the streamlined evolution of artificial intelligence (AI), impacting virtually every aspect of our lives, including our safety on the web. Indeed, AI has become both a catalyst for escalating cyber threats and a potent tool in fortifying our cyber defense.

According to Qualys, in 2023, the number of reported vulnerabilities soared to over 26,000 worldwide, marking the highest figure since the beginning of the Internet. The cybersecurity threats increased not only in numbers but in complexity partly due to the rise of AI. Both organizations and individual internet users should keep in mind that even the most life-changing tool, like AI, can be exploited for malicious purposes by threat actors.

Most cybercriminals use large language models like ChatGPT to perform different actions, such as personalizing phishing emails and messages based on extensive data analysis of the user's online behavior, automating the generation of malicious code and developing malware that continuously mutates to evade detection, automating social engineering attacks such as identity theft and financial fraud, and more.

Therefore, we are witnessing new challenges for security teams and decision-makers: staying ahead of ever-mutating threats that overwhelm cybersecurity professionals, and getting prepared for the next battle.

This should be a mutual effort by all employees, as any factor in the workplace could be a potential loophole in the cyber wall, from education to cautious behavior to the implementation of AI-powered security tools.

A survival kit for emerging risks

As cyber attacks keep evolving, security teams must anticipate potential breaches beforehand by constantly building new strategies. AI-powered tools, such as SOAR platforms, enable security operators to streamline security workflows, saving time so they can focus on the big picture.

AI-driven platforms are designed to continuously learn from past incidents, predict potential security breaches, and adapt to new emerging threats. Therefore, by utilizing these platforms, security operators can mitigate risks associated with zero-day attacks and be prepared for whatever tomorrow brings.

IBM's case is a good example to illustrate this efficiency in numbers. Within the first year of implementation, IBM's security team used these AI capabilities to automate the closure of 70% of alerts and accelerate their threat management timeline by over 50%. Therefore, AI-powered cybersecurity software transformed from an expensive whim into a survival kit that enables cybersecurity operators to keep up with a dynamic field of emerging risks.

The revolutionary AI era

Besides implementing AI solutions in their infrastructure, organizations should prioritize educating employees about the growing risks associated with AI-powered social engineering. Research from the University of North Dakota reveals that a machine learning-based phishing detection technique achieves 94% accuracy in detecting phishing emails. However, it's crucial to address the remaining 6%, as this small margin represents the loophole that users must be vigilant to identify.

Therefore, AI enables us to scale up our defenses to confront the evolving landscape of cyber threats. Simultaneously, it allows us to harness the unique strengths of human context comprehension, which AI has not yet fully mastered.

The AI vs AI battle is another obstacle in the revolutionary AI era: a challenge that every huge invention needs to pass through to prove its worth and to take the world another step forward.

Mike Admon is the CEO of Unipath.
