Banks and their IT providers will soon face greater scrutiny in the European Union.
This is due to the Digital Operational Resilience Act (DORA), which was passed last year but isn't scheduled to go into effect until January 2025. In a report on Thursday (August 8), CNBC examined the impact of the law, especially in the wake of last month's CrowdStrike outage.
DORA requires banks to implement rigorous IT risk management, resilience testing of digital operations, information and intelligence sharing on cyber threats and vulnerabilities, and measures to manage third-party risks.
Additionally, the report notes that companies should assess “concentration risk” regarding outsourcing critical business functions to third-party companies.
Joe Vaccaro, general manager of Cisco-owned internet quality monitoring company ThousandEyes, told CNBC that these IT providers often “provide critical digital services to their customers.”
“These third-party providers will need to participate in a testing and reporting process, which means financial services firms will need to put solutions in place that help them discover and map hidden dependencies with providers,” Vaccaro said.
He added that lenders “will need to expand their capabilities to ensure the delivery and performance of digital experiences not only on infrastructure they own but also on infrastructure they don't own.”
As the report notes, DORA is aimed at helping banks avoid incidents like the massive IT outage last month when a faulty software update from cybersecurity provider CrowdStrike crashed Microsoft Windows systems at airports, hospitals and financial services companies.
The outage is still affecting Delta Air Lines several weeks later: the carrier cancelled more than 5,000 flights after the outage, says the disruption will cost it $500 million, and is threatening legal action against CrowdStrike.
CrowdStrike fired back at Delta's claims on Sunday (August 4), saying it had taken responsibility for the outage but denying any liability for Delta's IT decisions, and noting that “Delta's competitors who faced similar challenges all restored operations much faster.”
As PYMNTS wrote earlier this week, the incident highlights the importance of third-party vendors, such as cloud service providers and IT companies, in maintaining a resilient infrastructure.
“In a complex ecosystem, you're likely to have more partners than you've ever had before,” Larson McNeil, co-head of marketplaces and digital ecosystems at JPMorgan Payments, told PYMNTS. “You need to understand your industry and the different players within the ecosystem. And as the complexity increases, you need to understand the risks and opportunities that it presents to your business.”