Cyber Wednesday - DORA and the Growth of Threat Intelligence in the Financial Sector

The monthly roundup of news and trends from the Cyber Security market, by STIM Tech Group's CyberSec team

In addition to the NIS2 Directive, which we discussed in the previous Cyber Wednesday meeting, another key regulation taking hold in the European Union is the Digital Operational Resilience Act (DORA), specifically focused on the financial sector.

The complexity and sensitivity of the financial sector, combined with its dependence on technology, make robust cyber security regulations essential.

What is DORA?

DORA is a piece of legislation proposed by the European Commission that aims to ensure the digital operational resilience of the entire financial services sector within the EU. This regulation sets strict standards for financial institutions, ensuring that they are prepared to deal with cyber threats and can continue to operate in the event of an incident.

Threat Intelligence and OSINT Collections

One of the key aspects of ensuring operational resilience is Threat Intelligence. As discussed earlier, Threat Intelligence provides vital information about potential threats. A key component of this intelligence is Open Source Intelligence (OSINT), the collection and analysis of information from publicly available sources such as websites, forums, social media, and more.

In the context of DORA and the financial sector, OSINT collections are critical, as threat actors often discuss, plan, or allude to their attacks in public online spaces. Identifying these discussions in advance can provide financial institutions with early warning and a chance to defend themselves.

OSINT and the TIBER-EU Framework

Threat Intelligence-based Ethical Red Teaming for the European Union (TIBER-EU) represents the European framework to guide financial institutions in organizing and executing threat intelligence-based red team testing. This approach aims to assess the resilience of financial organizations against advanced and persistent cyber threats.

In TIBER-EU, red teaming goes beyond traditional Penetration Testing. While Penetration Testing focuses on specific vulnerabilities, red teaming attempts to simulate an actual advanced, targeted attack.

This means that red team exercises are based on real techniques, tactics, and procedures (TTPs) used by threat actors. Threat Intelligence plays a crucial role in the TIBER-EU process: before red teaming drills are executed, a thorough threat analysis is conducted to identify real threat actors and their TTPs. This threat intelligence gathering and analysis phase helps design red teaming exercises that simulate realistic attack scenarios relevant to the target organization.

In the context of TIBER-EU, OSINT can be used to gather preliminary information about the target organization (such as details about employees, technology infrastructure, partners, etc.) that could be exploited during the red teaming phase.

The TIBER-EU framework emphasizes the importance of taking a holistic approach to cyber resilience, incorporating not only practical testing, but also threat intelligence and a deep understanding of the threat landscape. The ultimate goal is to improve the preparedness and resilience of the entire European financial sector against cyber threats.

The Evolution of Cybersecurity in the EU: The Role of Threat Intelligence and the New Directives

In the current global scenario, the transition to an increasingly digitized era has brought with it countless benefits, but it has also exposed organizations and individuals to increasingly sophisticated cyber risks. The European Union, recognizing the potential threats of this new reality, has taken significant steps to strengthen its security posture.

The emergence of directives such as NIS2 and DORA underscores the EU's proactive approach. While the NIS2 Directive targets a wide range of sectors, extending its scope to ensure a secure European network, DORA specifically targets the heart of the economic system: the financial sector. The sensitivity and complexity of this sector require specialized measures, and in response, DORA imposes stringent standards to ensure that financial institutions are prepared for any type of cyber threat.

But what is really driving this evolution? The answer lies in the power of Threat Intelligence. In an environment where threats can emerge from any corner of the web, having timely and detailed information about potential attacks becomes essential. Threat Intelligence does not just provide data; it enables organizations to interpret, anticipate and act.

In this system, OSINT is a key pillar: public sources, such as forums and social media, can become veritable treasure troves of information if analyzed correctly, revealing adversaries' moves before they can strike.

Ultimately, the road to a digitally secure and resilient EU is strewn with challenges. However, with the adoption and implementation of directives such as NIS2 and DORA, coupled with the continued support of bodies such as TIBER-IT and backed by the power of Threat Intelligence, the EU is positioning itself as a global leader in protecting cyberspace.

The goal? To ensure a future in which digitization and security go hand in hand, benefiting citizens, organizations and nations.
