Building Cyber Resilience

The Digital Operations Resilience Act (DORA), which applies from 17th January 2025, is an EU regulation relevant to financial institutions. It seeks to establish a universal framework for incident response, risk management and mitigation, and governance regarding the sector’s information and communications technology (ICT).

It covers 20 different types of financial entities and third-party technology service providers, and is an area Vertali is increasingly asked about, and helping clients to achieve. This is an opportunity to improve cyber resilience at a time when the threat landscape is increasingly complex and dangerous. 

Resilience is your institutional capacity to withstand or recover quickly. Backup simply refers to a copy of data made in case the original is lost or damaged. The problem is many people confuse having a backup with having resiliency. They are not the same. Resiliency requires both prevention and recovery; backup is simply a recovery asset. DORA is about security improvement, backup, system availability, and recoverability.

DORA is coming

DORA focuses on operational resilience for the financial sector: strengthening the IT security of banks, insurers, and investment firms. This means that, in addition to providing a guarantee of financial soundness, organizations must demonstrate that their operations can be maintained during severe disruptions caused by cyber-attacks and other ICT issues. The Act applies enterprise-wide and affects all platforms, including the mainframe. 

The ability to perform a surgical or a wholesale recovery, quickly and efficiently, is what resiliency is about. It requires rigorous processes and trusted technology to achieve a fast and complete recovery – when time is of the essence.

The key question to ask is, what problem am I trying to recover from? Ransomware and malware attacks can involve both data and software, so you may have to recover both components independently. Accidental updates probably require only programs or parameters. A widespread recovery required in line with your disaster recovery plan (DRP) is likely a whole-site affair. The first stage is to make sure you are properly informed, then draw up plans and implement automated solutions to close backdoors, enable robust real-time monitoring and alerts, and ensure highly effective granular restore processes with a situational focus.

The Vertali approach to cyber resiliency

An important aspect of Vertali’s day-to-day work is helping organizations to understand their current security stance and potential exposures, and then develop effective cyber resiliency plans so they can continue functioning should the worst happen. 

In this context, we define resilience as the ability to continue carrying out your mission by anticipating and adapting to cyber threats and other changes, and by withstanding, containing, and rapidly recovering from cyber incidents. 

In most cases, warning signs are apparent long before the actual attack. Bad actors were probably in the system for days or weeks. True resilience therefore requires the ability to detect, alert, and intercept wrongful activity before a full-blown attack – identifying unexpected access, malicious changes, and rogue encryptions. From the outset, this calls for an integrated approach, from continuous monitoring onwards. 

Here are four ways in which Vertali can help you to prepare for (and comply with) DORA, actively improving your operational security, and bringing you closer to a zero-trust model. 

Security assessments — it’s important to regularly check and review all security controls so you can protect your systems and data against bad actors, internal threats, and accidental data loss: plugging gaps and strengthening defences against breaches. Assessments should cover all ESMs including RACF, ACF/2, and Top Secret.

Penetration testing — simulating a real-life attack, our two-stage process covers Non Disruptive Data Collection (gathering configuration and security Information) and Penetration Testing ( probing all aspects of your environment intensively to identify ways to elevate privileges). Initial findings are shared immediately. Our approach extends to application pen testing and product pen testing (in fact, we have more experience working with more vendor products in more mainframe settings than any other provider in this space).

Vulnerability scanning — this Vertali service analyses z/OS systems for the backdoors, weaknesses, and vulnerabilities that bad actors exploit. We use Rocket® z/Assure® for scanning and provide you with analysis, reporting, and recommendations. This service contributes to a more proactive security posture, strengthening ICT/operational resilience.

Network discovery and segmentation — while mainframe sites can have a reasonable view of who is using applications at the userid level, many don’t have an accurate picture of network activity. Revealing network activity to and from your mainframe provides valuable insights to help inform and develop your security stance and cyber resilience. Enabling you to enforce network access should you wish, zTrust software also makes network micro-segmentation easy, so it’s a valuable tool for regulatory compliance such as PCI/DSS.

Taking action: getting back on the air fast

Should the worst happen, you need a rapid automated response. For example: ransomware attack? You need integrity monitoring, the ability to detect and intercept, with real-time alerts, and rapid incident forensics. Blitz attack? The ability to intercept malicious activity with the proper thresholds set; to detect, intercept, and suspend/resume. Rogue insider? You want to detect unauthorised changes and identify user behaviour changes, pinpointing suspicious activity. And so on. Solutions are available in all these areas and should form part of an integrated approach. No single vendor can do everything.

DORA is coming and, for most organizations, action is required. A focused and efficient response, giving your operations the resilience they should have in any case, requires three things. 

First, a strong understanding of your current security stance, the evolving threat landscape, and the risks you face. Second, developing effective cyber resilience and disaster recovery plans, working with an external partner if necessary. Third, and following on from that, filling gaps in your provision, exploring and integrating different approaches and solutions to ensure you are (a) digitally and operationally resilient, and are therefore (b) closer to compliance with DORA.

Find out more about Vertali’s security services here.

Vertali has a long pedigree in providing IBM mainframe skills, resources, and software tools to organizations around the world. The company’s mission is to help its clients to reduce risk, work smarter, and deliver their mainframe strategy. www.vertali.com

Leave a Reply

Your email address will not be published. Required fields are marked *