Skip to navigation Skip to main content Skip to footer

How Cyber Threat Intelligence Enhances DORA Compliance Efforts

15 August 2024

By Matt Hull

For financial institutions and their critical suppliers, reliance on information and communication technology (ICT) and persistent targeting by cyber attackers means that potential cyber security threats are a greater concern than ever across the sector. 

New regulations like the Digital Operational Resilience Act (DORA) are being introduced to fortify the industry's defences. They create new requirements for organisations to utilise and understand the latest cyber threat intelligence.

DORA, the EU legislation that comes into force in January 2025, aims to elevate cyber resiliency and operational resilience standards across the sector. Cyber threat intelligence—actionable knowledge and insight on adversaries and their malicious activities—is central to several areas of DORA compliance. 

From DORA's information-sharing requirements to reducing risk through the supply chain and building an understanding of your organisation's unique threat landscape, DORA ensures that threat intelligence insights must now go hand in hand with your regulatory compliance efforts.

Here, let's examine DORA's statement on the role of cyber threat intelligence in achieving compliance and building operational resilience.

Information sharing

DORA's Article 45 outlines information-sharing requirements relating to cyber threat information and intelligence. It sets out arrangements between trusted communities of financial entities to share threat intelligence and enhance the wider digital operational resilience of financial organisations.

With massive funds and highly sensitive data at stake, the financial services sector was once again the second most impacted by the cost of cyber incidents this year (IBM Cost of a data breach report 2024).

Any breach could have a significant financial and operational impact on financial institutions, so collaboration to share cyber threat intelligence is of tremendous value in global efforts to create more resilient financial systems. 

Access to quality threat intelligence enables CISOs and IT leaders to reduce harm to their organisation through better security decision-making. Sharing intelligence such as indicators of compromise (IoCs), techniques, tactics, and procedures (TTPs), and cyber security alerts in a collaborative effort improves broader awareness of live threat actors and attack campaigns most efficiently. 

To prepare for DORA's requirements, organisations should make particular efforts to ensure that their information-sharing arrangements have provisions that mandate they report and include details where public authorities or third parties have been involved in sharing cyber threat intelligence.

Risk management

Regulations such as DORA and its potential fines for non-compliance bring another risk to organisations. However, regardless of regulatory pressure, understanding your digital risk and attack surface is vital for organisations to better prevent, respond to, and recover from ICT-related disruptions and threats. 

Insight into cyber threats facing their organisation and others like it is invaluable to CISOs. As publicly accessible information increasingly becomes the entry point for attackers on the attack timeline, external threat intelligence provides a nearly real-time understanding of what an organisation's external security posture looks like. 

DORA's requirements continue the cyber regulatory theme pushing organisations to better understand the unique risks and threats facing their organisation. Chapter 1, Article 7 of DORA requires financial entities to identify all sources of ICT risk, particularly business exposure, and the systems and tools they use.

External threat intelligence is clearly highly useful in this regard – continuous use built into risk management processes will enable organisations to build a strong digital posture and assist in showcasing DORA compliance to competent authorities.

 

Third-party risk


DORA recognises that a firm's operational resilience is increasingly vulnerable to failures in ICT third-party services such as cloud, software, data analytics, and remote data centres. For this reason, the Act will also apply to ICT third-party providers.

If a security incident occurs within your supplier's environment and affects your organisation's customers, you could potentially be held responsible under DORA. Therefore, a comprehensive approach is required, ensuring all suppliers meet the same operational security hygiene standards as the primary organisation.

Conducting thorough due diligence on your third parties' cyber security posture becomes essential not only to protect customers but also to protect the organization itself. By ensuring that the supply chain and vendors are adequately protected, organisations are more prepared to prevent the risk of supply-chain failures or breaches and better equipped to satisfy DORA's requirements in relation to Third-Party Service Providers (TPSPs). 

Exercises such as vendor risk assessments, continuous supplier monitoring, and the use of threat intelligence can provide an external view of your security posture. Meanwhile, identifying potential attack entry points into your organisation via TPSPs can enable the organisation to quickly adjust and cut the chain between itself and the third party, reactively eliminating further risk and impact.

If an incident occurs with a critical supplier, organisations must ensure that clear and transparent communication lines are set up to ensure full oversight of the incident and how it might affect the customer.

Building threat intelligence into your DORA compliance journey

Building threat intelligence into your DORA Compliance Journey
The need for continual management to ensure compliance, including regular penetration testing and incident response activities, means that a one-time setup solution is unlikely to be sufficient under DORA. 

From keeping up to speed with your threat landscape to maintaining ongoing information-sharing arrangements, ongoing strategic and collaborative use of expert cyber threat insights will support your DORA compliance efforts up to and beyond the January 2025 DORA deadline.

NCC Group's Global Threat Intelligence team are leaders in supporting regulatory compliance. As qualified experts, we run assessments for many regulatory frameworks such as CBEST, TIBER-EU, AASE, iCAST, ART, and CORIE, as well as DORA.

Matt Hull

Matt Hull

Global Head of Threat Intelligence, NCC Group

Want to learn more?

Get in touch today to discuss how Threat Intelligence or other cyber security services can support your DORA compliance efforts. Or, for a comprehensive evaluation of your DORA preparedness, kick off your compliance journey with a readiness assessment.