Identity and resilience: Navigating the DORA compliance maze

In a world increasingly fuelled by AI, cybercriminals have never been more persistent in their hunt for sensitive data. With more capable tools in their arsenal, enabled by the proliferation of AI technologies, attackers are employing ever more sophisticated tactics in pursuit of financial returns, and no industry is untouchable.
Attackers are using these tools to compromise user credentials wherever access points are inadequately protected. With its vaults full of lucrative, confidential data, the financial services industry is a top target.
Amid this wave of AI-enabled cybercrime, the EU's Digital Operational Resilience Act (DORA) has arrived at a crucial time. With nearly 50% of financial organisations surveyed reporting a security breach in the past two years, DORA aims to strengthen the sector's security hygiene and enforce preventative measures that fortify financial services against the influx of threats.
Under DORA, financial institutions operating in the EU, along with their third-party information and communication technology (ICT) providers, must comply with new technical requirements designed to help them withstand, respond to and recover from ICT-related disruptions.
With threat tactics likely to evolve as we move further into an AI-powered world, DORA compliance is vital for securing one of our most critical and trusted industries. As such, organisations must establish clear policies for managing ICT risk, particularly those related to outdated systems and unauthorised access.
Supply chain pain
Cyber risks in financial services have been heightened by the growth of large and often complex supply chains. Driven by acquisitions and partnerships, larger supply chains allow more identities to operate within the chain, often unchecked.
This rise of temporary employees, partners, and contractors entering systems means identities can easily fly under the radar, leading to security risks like ‘overprovisioned’ access. In fact, nearly 80% of financial organisations surveyed are concerned about vulnerabilities resulting from overprovisioning of non-employees, according to our research.
This lack of visibility can leave gaps in security posture, increasing the risk of identities being compromised by bad actors, or unintentional mishaps from users with too much access, such as accidental misplacement or deletion of files.
This identity challenge is heightened by the rising number of applications users typically need access to, and the range of entitlements that must be managed. For already stretched IT teams, this can create an overwhelming burden. More than half (53%) of financial services firms are grappling with too many manual processes, not to mention legacy tools. The manual management of hundreds of users often results in loosely controlled access, poor oversight, and increased cyber risk. Without modern identity security solutions, this task becomes nearly impossible.
Overprovisioning: A recipe for disaster
Combatting ICT risks associated with overprovisioned identities must be a top priority in order to properly secure financial services firms. ICT teams must carefully control which identities in their supply chain have access, to what, when, and for how long. Access should be granted strictly on a need-to-know basis, with rigorous management of onboarding, offboarding, and the entire identity lifecycle.
AI can serve as an effective partner in reducing manual pressures. AI-enabled identity security can automate these tasks and manage access requirements in real time.
This real-time oversight enables IT teams to manage the surge in identities needing access to different applications, ensuring that each identity holds only the access its role requires.
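The controls described in this section, deciding who may hold which entitlements and for how long, and then offboarding promptly, reduce to an access review that can be automated. The Python script below is an added example, not code from SailPoint or from the original article. It compares each identity's entitlements against a hypothetical role baseline, flags non-employee identities whose access has outlived its end date or has no end date at all, and produces the revocations a review would raise. Every role name, identity, entitlement label and date is constructed for illustration.

```python
"""Access review for overprovisioned and lingering identities.

Added example (not SailPoint's or the article's own code). All identities,
roles, entitlements and dates below are constructed sample data.
"""
from datetime import date

# Hypothetical role baseline: the entitlements each role legitimately needs.
# Anything an identity holds beyond its role's baseline is overprovisioned.
ROLE_BASELINE = {
    "payments-analyst": {"payments:read", "ledger:read"},
    "contractor-dev": {"repo:read", "ci:run"},
    "treasury-admin": {"payments:read", "payments:approve",
                       "ledger:read", "ledger:write"},
}

# Constructed identity records. access_until is None for permanent staff;
# contractors and partners are expected to carry an end date.
IDENTITIES = [
    {"id": "u1001", "type": "employee", "role": "payments-analyst",
     "entitlements": {"payments:read", "ledger:read"}, "access_until": None},
    {"id": "c2001", "type": "contractor", "role": "contractor-dev",
     "entitlements": {"repo:read", "ci:run", "payments:approve"},
     "access_until": date(2025, 9, 30)},
    {"id": "c2002", "type": "contractor", "role": "contractor-dev",
     "entitlements": {"repo:read"}, "access_until": date(2024, 1, 31)},
    {"id": "u1002", "type": "employee", "role": "treasury-admin",
     "entitlements": {"payments:read", "payments:approve",
                      "ledger:read", "ledger:write"}, "access_until": None},
]

# Date the review is run against (constructed).
REVIEW_DATE = date(2025, 6, 1)


def review_identity(identity, today):
    """Return a list of (finding, detail) tuples for one identity."""
    findings = []
    baseline = ROLE_BASELINE.get(identity["role"])
    if baseline is None:
        # A role with no baseline cannot be reviewed; surface it rather than skip it.
        findings.append(("unknown-role", identity["role"]))
        baseline = set()
    excess = identity["entitlements"] - baseline
    if excess:
        findings.append(("overprovisioned", sorted(excess)))
    until = identity["access_until"]
    if identity["type"] != "employee" and until is None:
        # Non-employee access with no end date is an open-ended lifecycle gap.
        findings.append(("no-expiry", None))
    if until is not None and until < today:
        # Access outlived its end date: offboarding did not happen.
        findings.append(("expired-not-offboarded", until.isoformat()))
    return findings


def review_all(identities, today):
    """Map identity id -> findings, for identities that have any."""
    result = {}
    for identity in identities:
        findings = review_identity(identity, today)
        if findings:
            result[identity["id"]] = findings
    return result


def remediation_plan(identities, today):
    """Turn findings into concrete actions: disable expired identities
    outright, otherwise revoke only the excess entitlements. An identity
    flagged solely for a missing end date is listed with nothing to revoke
    so that a reviewer assigns one."""
    plan = {}
    for identity in identities:
        findings = dict(review_identity(identity, today))
        if not findings:
            continue
        if "expired-not-offboarded" in findings:
            plan[identity["id"]] = {"disable": True,
                                    "revoke": sorted(identity["entitlements"])}
        else:
            plan[identity["id"]] = {"disable": False,
                                    "revoke": findings.get("overprovisioned", [])}
    return plan


if __name__ == "__main__":
    for ident, findings in review_all(IDENTITIES, REVIEW_DATE).items():
        print(ident, findings)
    for ident, action in remediation_plan(IDENTITIES, REVIEW_DATE).items():
        print(ident, action)
```

The baseline-versus-actual comparison is the core of a periodic access certification; in practice the baseline comes from a role model or the entitlements the rest of the role's population holds, and the identity records come from the HR and contractor systems that carry start and end dates. The important design point is that the end date, not the presence of an account, drives offboarding, so a contractor who is never formally terminated is still caught.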
By leveraging this technology, financial organisations reduce their attack surface, enabling easy and early detection of suspicious and unusual behaviour. This helps to ease the burden on IT teams as well as support compliance efforts.
The crucial mix: Strength, clarity, resilience
While preventative measures can reduce the risk of security breaches, breaches remain an unavoidable reality. To comply with DORA, financial firms should standardise ICT-related incident management and reporting processes to gain insight into how incidents occur and which users and roles were involved. In the event of a breach, it is crucial to collect and share detailed information to identify attack patterns and bolster cyber resilience.
To effectively mitigate threats, compliance must transcend mere checkbox activities. It should be complemented by additional security measures, such as AI-enabled identity security, which will be pivotal in providing greater visibility over ICT risks.
With attacks growing in scale and severity, clear oversight of all users, together with the ability to grant access across the entire supply chain based solely on role requirements, will be essential for financial services organisations to close security gaps and bolster resilience against suspicious activity.
Mo Joueid is an identity security consultant at SailPoint