DORA is an EU regulation intended to ensure that financial institutions follow strict rules for protecting their operational resilience, specifically around ICT risk. Monica Oravcova, COO and Co-Founder of cyber security firm Naoris Protocol, writes that:
Resources may be an issue
While DORA goes a long way to ensure that there is corporate accountability when handling data, it will need massive human resources to ensure compliance. Legislation without monitoring and evaluation of results is an exercise in futility. A skilled and well-resourced team of officers will be needed to enforce the rules. Concerns have been expressed about the sheer volume of people that will be needed to monitor the hundreds of thousands of companies that handle people's data. There are many layers of complexity to navigate.
Not only do many businesses operate on a global scale but they have both virtual and physical offices, and they may also have hundreds of partners or sister companies in their structures. Without a large team of officers in place, monitoring companies looks like an insurmountable challenge. The only solution that makes sense is the adoption of a hybrid model, where companies agree to a set of self-regulatory standards and then work in tandem with the regulators on reporting.
The war against cybercrime needs new weapons
DORA does not lay out what methods should be employed in order to achieve a higher capability of threat mitigation. There has been limited discourse about how new generation technology can play a role in the cyber security space. When we look at web3 and the existing solutions that are being presented, they are totally inadequate because we are playing a game of apples and pears. The typical narrative still focuses on centralised security solutions.
Addressing multiple points of failure
We are dealing with multiple points of failure. In the past, companies could manage their cybersecurity within their borders. Now we have remote workers with personal devices that are exposed. Connected mobile devices, IoT, cloud servers, social media networks and collaboration tools are all potential gateways for criminals. The only sensible way to mitigate this is to secure the gateways, and this requires a paradigm shift. The technology being developed by Naoris Protocol may be core to addressing the problems that prevail in traditional and web3 financial cybersecurity.
Reactive approach to fighting cyberthreats is no longer useful
When a professional cybercriminal can purchase malware software for as little as a few hundred dollars on the dark web, and can hack into some enterprise systems in under an hour, we can’t do blow-by-blow retaliation; we have to change the game in its entirety.
Until we move towards proactive and away from reactive solutions that mitigate risk, we will continue to tread water in the fight against cybercrime. As it stands, cybercriminals have the upper hand; however, we believe the trajectory of cyberthreats will turn if we can achieve two main goals: turning every device into a soldier against an attack and helping individuals see how important their role is in prevention. Humans still account for over 90% of the breaches, so helping individuals develop a cyber security mindset will also be a powerful weapon in the arsenal of cybercrime prevention.