Cyberattacks are costly affairs. However, for some they are more costly than for others. The global average cost of a data breach is $4.88 million but for financial institutions this figure goes way up, with the average cost hitting over $6 million.
The financial services sector has always been a honeypot for hackers, given its lucrative assets and highly sensitive data. And the threat is getting worse.
Ransomware-as-a-Service (RaaS) is on the rise, AI is making attacks easier to mount, and the growing number of IoT devices is opening up whole new attack surfaces.
To counteract this rising tide, the EU introduced the Digital Operational Resilience Act (DORA) earlier this year - a sweeping regulation that mandates enhanced risk management, incident reporting, and third-party oversight in the financial sector. For financial institutions, compliance with DORA is more than a tick-box exercise; it’s a strategic imperative for operational survival.
Design the roadmap to resilience
DORA’s framework provides financial institutions with a structured path to resilience by requiring institutions to develop comprehensive strategies for identifying, reporting, and mitigating information and communications technology (ICT)-related incidents. In the context of ransomware, the regulation emphasises the importance of early detection, accurate reporting, and verified data integrity.
When a ransomware attack occurs, the initial response window, often within the first hour, is critical. Swift, pre-planned, rehearsed and coordinated actions can mean the difference between a controlled incident and a full-scale operational crisis. As a result, DORA compels financial organisations to establish and regularly test detailed response plans, ensuring staff are trained and roles are clearly defined.
One of the cornerstones of compliance is the ICT risk management audit, which involves identifying all types, locations, and classifications of data and storage infrastructure. To do this effectively, organisations must adopt tools that provide full visibility into their data environments, as this allows for rapid and accurate reporting when incidents occur. These tools can link isolated datasets and apply uniform security policies across hybrid and multi-cloud environments, saving a business large amounts in downtime damages.
See it to secure it
Operational resilience depends on the ability to know where a business' data is, how it’s accessed, and who is using it at any given time. With cybercriminals increasingly targeting critical data sites, IT teams are now required to continuously monitor for infrastructure anomalies.
This is particularly important in cell-level data corruption, a stealthy form of attack where malicious code is embedded deep within databases, lying dormant until it’s triggered to corrupt vital assets. These attacks are difficult to detect and can undermine trust in the integrity of the entire dataset. The most effective countermeasure is to maintain secure, immutable backups that are regularly tested for integrity and can be restored rapidly if needed.
AI plays a vital role here. Modern AI tools can detect anomalies in user behaviour, flag potential compromises, and automate the process of isolating malware-infected backups. By continuously scanning for subtle changes in data patterns, these systems serve as an early warning mechanism, triggering immediate recovery and minimising disruption.
To be effective, backup systems must also be resilient themselves. This means ensuring that storage locations are physically secure, regularly tested, and not connected to the network in a way that would allow them to be compromised during an attack. Immutable storage is increasingly seen as a best practice, as it ensures data cannot be altered once written, alongside encryption in transit as well as at rest.
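The two paragraphs above call for backups that are immutable and "regularly tested for integrity", but do not show what such a test looks like. The following is an added example, not code from the article or from any product it describes: it records a SHA-256 manifest of a backup set at backup time and re-verifies the set before restore, so that a single silently altered record (the kind of cell-level corruption described above) is detected rather than restored. The manifest is assumed to be kept apart from the backup itself, ideally on write-once storage; the backup files and the tampered balance are constructed for the demonstration.

```python
"""Backup integrity check: hash manifest at backup time, verify before restore.

Added illustration of the article's advice; file contents are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map every file under backup_dir (relative path) to its digest.

    Assumption: the returned manifest is stored separately from the backup,
    e.g. on immutable storage, so an attacker who alters the backup cannot
    also rewrite the expected hashes.
    """
    return {
        str(p.relative_to(backup_dir)): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup set on disk against a trusted manifest.

    Returns a report naming modified, missing and unexpected files; "ok" is
    True only when the set matches the manifest exactly.
    """
    current = build_manifest(backup_dir)
    modified = [n for n, d in manifest.items() if n in current and current[n] != d]
    missing = [n for n in manifest if n not in current]
    unexpected = [n for n in current if n not in manifest]
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
    }


def demo() -> tuple:
    """Constructed scenario: verify a clean backup, then the same backup after
    one balance has been quietly changed. Returns (clean_report, tampered_report)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "accounts.csv").write_text("id,balance\n1,100\n2,250\n")
        (root / "ledger.db").write_bytes(b"\x00\x01\x02constructed-ledger-bytes")
        manifest = build_manifest(root)          # taken at backup time
        clean = verify_backup(root, manifest)    # should pass

        # Simulate cell-level corruption: a single balance is altered in place.
        (root / "accounts.csv").write_text("id,balance\n1,100\n2,259\n")
        tampered = verify_backup(root, manifest)  # should name accounts.csv
        return clean, tampered


if __name__ == "__main__":
    clean_report, tampered_report = demo()
    print(json.dumps({"clean": clean_report, "tampered": tampered_report}, indent=2))
```

Run as a periodic job against each backup copy, a failing report is the signal to quarantine that copy and fall back to an earlier one; a passing report is the evidence a regulator will ask for that the backup used in recovery was the one originally taken.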
Ensure a rapid response and real recovery
Once a ransomware attack is detected, a fast response is required. IT teams must act swiftly to isolate affected systems and end-users, minimising the potential spread of malware. Data management tools enable teams to quickly identify which datasets have been accessed or altered, allowing for precise damage assessment and targeted recovery.
If mission-critical applications have been affected, every second of downtime matters. So, even if an organisation were willing to hold its nose and pay a ransom, the decryption delay would be intolerable. Thankfully, newer resilience technologies allow near-real-time application failover to alternative IT environments, delivering almost immediate rollback and operational readiness.
And, if backups have been properly maintained, organisations can restore the rest of their data without paying a ransom. However, in order to avoid fines for non-compliance and to assist regulatory investigations, institutions must also be able to accurately report the specifics of the attack, including the strain of ransomware involved and its impact on operations.
Master the power of preparedness
True cyber resilience doesn’t begin in the moment of attack, it starts with preparation. DORA mandates that financial services providers not only implement technical defences but also cultivate a culture of readiness and transparency. This includes having a clearly communicated, continually updated ransomware response strategy that extends to third-party service providers.
Failure to comply with DORA can result in substantial penalties, including fines of up to 2% of global annual turnover. Beyond avoiding financial harm, compliance also offers a strategic advantage; it demonstrates to customers and partners that an institution can be trusted to safeguard sensitive data and maintain operational continuity in the face of threats.
Get ahead
Threat actors are constantly changing and evolving their activities with new approaches and technologies. Financial institutions must match this if they are to mitigate the threat and its resulting impact. Cyber resilience isn’t just about reactive defence; it’s also about proactive resilience. This is where DORA comes to the fore, offering a clear path to increased visibility, faster response, and a culture of readiness. Financial institutions that follow it are not only compliant but stronger, fitter and more secure, with a greater ability than ever before to “carry on as normal” after the inevitable attack.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.