Business
DORA Compliance in Financial Organisations: What You Need to Know
Source: Finance Derivative
Nick Hogg, Director of Security Training, Fortra
The regulatory landscape is tightening for European banking, financial, and insurance institutions. Besides adhering to various local and global legislations, these organisations must prove compliance with the Digital Operational Resilience Act (DORA) by 17 January 2025. DORA “sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services.”
This deadline will occur almost a year after the due date for PCI DSS 4.0 compliance and serves as a reminder that as the threat landscape evolves, so does the legislative one. Both DORA and PCI DSS 4.0 present excellent opportunities for financial organisations to re-evaluate their procedures for all compliance legislation and security requirements.
What can financial institutions do to ensure they are compliant?
Scoping and identifying overlap
The first step is identifying the risks faced and establishing the appetite for risk. Once these have been identified, organisations can then look at their existing policies, processes and defences to understand where existing elements can be reused or adapted to reduce the burden on the business. These steps will assist with prioritising projects and spending to ensure efficient use of resources.
Understand your environment
Having clear and consistent visibility into your infrastructure, whether on-premises or in the cloud, is essential to understanding whether something is at risk or poses a threat. Vulnerability scans, penetration testing and red team exercises are tools and techniques that help businesses identify those gaps that can be improved. Increasing the frequency of these scans and using automation to run them on a repeatable basis will help to lessen the impact on the teams involved. This increased visibility can help a company to respond to the small changes and risks swiftly. Financial organisations must also account for the internal changes that may cause a system to break or halt. Configuration change management and file integrity monitoring can help to reveal exactly what has changed, when, and who has made the change to avoid mistakes from crippling an entire organisation.
Business continuity and resilience
While prevention is an essential strategy, organisations cannot stop 100% of compromises and preparing for when something slips through the cracks of security controls is key. All the regulatory frameworks recognise that organisations will eventually experience some compromise or downtime, so balancing prevention with response strategies is a mature approach to security and compliance.
Treat internal and supply-chain risks
It’s important to mitigate the threats to infrastructure and software that might damage resilience. A simple inattentive moment can result in an employee clicking on a malicious link or opening an infected attachment. The best way to prevent this is to make security a constant presence, both technically, and logically. Technical data loss prevention tools, as well as security awareness training can augment existing controls.
Another necessary component for mitigating these threats is focusing on the third-party supply chain, which is also a critical ingredient of DORA compliance. Businesses must get visibility into the risks from suppliers and partners, especially those from software or applications. This is best achieved with careful review to make sure that these external parties meet the standards of the hosting organisation.
Discover hidden vulnerabilities
Financial organisations must invest in vulnerability scans and pen testing to ensure ongoing compliance and solid risk management. Both are valuable tools because they give a complete understanding of the posture and the gaps. They provide valuable insights and information that security teams can leverage to strengthen compliance security and get buy-in from the executives to allocate budget and resources to implement projects. The data from these scans and tests can also become instruments to help re-prioritise tasks and projects because they provide a more representative glimpse of what could happen if an attacker exploits these risks. Pen tests and vulnerability scans can determine the real-world impacts that may not be realised in a risk assessment.
Partner with a managed service provider
Another important consideration is evaluating whether a financial organisation has the capacity to become compliant or needs to hire additional resources. Buying the tools required for security and compliance is just one step. Organisations also need to consider the ongoing administration and management that will result from these additional resources. Hiring security professionals to build a security team is hard, and organisations must provide training to retain them. This is the best time for financial companies to consider managed security services, like detection and response, or data loss prevention. A managed service provider greatly extends the existing security team and is a cost-effective approach to security and compliance.
Train your employees
Financial organisations must also focus on training their employees about security awareness. A good strategy is to focus on one topic a month and avoid overloading people with acronyms and technical jargon. The content must be relative to the employees’ day-to-day operations and provide the context required to understand why a lack of security can cause a massive problem for an organisation.
Build additional layers of defence
Training is enormously effective; however, businesses need additional layers of defence to fortify themselves against evolving threats. These technology layers can help detect phishing emails, ransomware, and malware, and prevent an attack from crippling the infrastructure, or the ability to do business.
DORA compliance is a strategic advantage
Being DORA compliant is a strategic advantage in a highly competitive world. The date for compliance with DORA will come round quickly, and companies should begin their journey today. As there is much overlap with other regulations, these institutions can orchestrate their daily activities and projects to maintain compliance and security. Taking this approach indicates that your organisation respects your customers’ needs and provides them with the safest environments possible.
You may like
Business
Need for speed: The importance of businesses acting fast!
John Kelleher, VP UKI & ME, UiPath
With significant economic disruption over the past few years, the ability to adapt to changing circumstances quickly has never been more important for businesses. Increasingly, there are instances of sudden pressure on organisations to adopt the latest technology, such as the push to move to cloud computing models or embrace artificial intelligence (AI).
In the past couple of years, the AI industry has thrived as the technology becomes indispensable for businesses. From chatbots to aid customer service interactions, to machine learning models that produce accurate financial forecasts, AI has found a place in all areas of business.
Soon, AI will become the standard customers expect, meaning organisations must adopt it at pace. Those who manage to implement the technology correctly will reap benefits in productivity, employee satisfaction and, ultimately, profitability. But to do this, organisations need to transform how they operate.
Customers won’t be patient
In an AI-driven world, patience is a virtue of the past. The expectations of service delivery and response times have drastically changed as the norm becomes swift response times delivered from digital-first organisations.
Customers continue to prioritise convenience with the purchases they make and demand more from the organisations they are loyal to. This ‘convenience economy’ is also lucrative for businesses as customers are willing to pay a 5% premium for convenience, which rises among younger consumers.
With these customer demands, the convenience attached to a business is a point of differentiation in a competitive marketplace. However, it is not possible to provide a service at pace unless the business offering it is set up in the right way.
The important takeaway from this is speed should be the top priority for businesses. With companies across all industries increasingly adopting AI to transform the services they offer, and the experiences customers have, convenience is no longer a competitive differentiator – it is a necessity. Businesses need to get ahead of the curve to ensure they don’t lose out to competitors.
Speed as a core business value
The capacity for your business to respond quickly to emerging market conditions and offer innovation at pace doesn’t only influence the experience for customers, but is transformative to how a business operates. Promoting speed and flexibility in internal business operations can support organisations to adapt quickly to any external challenges and uncertainties faster than their competitors.
Supply chains have experienced significant unforeseen disruption in recent years, and this has caused shortages, delays, and increased costs. For companies to stay ahead in this increasingly volatile environment, they must be prepared for uncertainty and be able to adapt to deliver at a fast pace for consumers. Across uses such as inventory management, supplier analysis and demand forecasting, AI can be an effective tool in boosting speed, in both issue identification and handling possible fall out should something go wrong. We’re already starting to see new expectations being set for supply chain organisations in response to this, with 50% expected to invest in AI and advanced analytics to prepare themselves for unexpected delays and disruption.
Another area speed is invaluable to is complying with increasingly complex regulation. Around 34% of businesses globally are using AI for regulatory compliance already, and businesses need to maximise this opportunity. The ripple effects of falling behind on compliance can’t be overstated. From adjusting privacy protocols and HR policies to incorporating updated environmental guidelines, move too slowly and you could see heavy fines, legal repercussions or a tarnished reputation.
AI and automation are key to accelerate business functions
AI and automation are key to helping organisations streamline processes and innovate faster. By simplifying how a business operates and reducing time spent on repetitive work, 90% of employees report a significant boost to productivity. Further, AI and automation can help predict and manage employee’s workloads better. If provided with the right data, AI algorithms have the capacity to predict and offer recommendations on business decisions, helping to eliminate crunch periods.
Integrating AI into your business’s workflows provides flexibility, productivity, and the capacity to handle unanticipated events. Companies will be able to respond faster to changes and manage their operations better and, as AI and automation are used to remove the repetitive drudgery from people’s work, employee satisfaction will improve.
Harnessing efficiency to maximise opportunity
Investing in AI and implementing it quickly is now a business imperative. Businesses in the UK are increasingly open to using AI as the number of UK AI companies has grown by over 600% over the last 10 years. Rapid implementation of AI not only enhances efficiency but also ensures companies can capitalise on new opportunities before other competitors do. Those who take advantage of AI will be better prepared to anticipate trends, refine the customer experience and improve their bottom line.
Operational efficiency creates a more favourable cost structure and boosts margins. Ensuring compliance mitigates risks and helps companies avoid fines and reputational harm while streamlining customer service not only lowers costs and reduces turnover but also strengthens customer retention and acquisition, driving top-line growth.
Today, more than ever, time is money.
Business
Wearable AI: How to supercharge adoption of consumer wearable devices
By Kevin Brundish, CEO of LionVolt
As we look toward the future, the global wearables market is projected to reach $265.4 billion by 2026. This growth is further fuelled by advancements in AI, which promise to enhance the functionality and performance of wearable devices. For instance, in the healthcare industry, artificial intelligence (AI) may use the massive volumes of data gathered by wearables to communicate with patients and offer precise diagnosis, advice and support.
Despite the remarkable features and capabilities of modern wearable devices, battery life remains a significant challenge. Most smartwatches, for example, still struggle to last a full 24 hours, making it difficult for users to monitor sleep patterns and daily activities continuously without frequent recharging. With the use of AI and applications that demand increasing amounts of data, this limitation prevents wearables from becoming fully integrated tools in our daily lives.
Advances in battery technology are looking to address this issue. At LionVolt we are working on a 3D lithium-metal anode technology which helps to significantly enhance lithium-ion battery performance.
Smaller Batteries, Same Energy
The most significant advantage of lithium-metal anode batteries is their ability to provide the same energy from a smaller size battery. This gives designers greater freedom and opens new possibilities for wearable technology by enabling the miniaturisation of existing wearable designs. In addition, lithium-metal anodes may allow manufacturers to lower overall prices by moving away from costly cathode materials they use now, to cathode materials being used in automotive industry, where there is a cost advantage through economies of scale.
Higher Energy Density and Faster Charging Times
When we compare conventional lithium-ion batteries to lithium-metal anode battery technology, the lithium-metal anode batteries have a superior energy density. For users of wearable devices, this translates to longer usage periods and fewer charging interruptions as well as faster charge times, which minimises downtime and guarantees that gadgets remain operational when needed.
Enhanced User Experience
Fast charging periods and increased energy density which is key to longer usage periods improve wearable technology’s overall performance, enabling consumers to maximise its benefits without sacrificing dependability or quality
Lithium-metal anode powered batteries also improve wearable gadgets’ dependability and durability. Users can count on their wearables to function reliably day or night and to enable a variety of applications, such as health monitoring and exercise tracking. These batteries are made to endure the demands of regular use, guaranteeing that gadgets continue to be reliable and operational for long stretches of time.
The use of the highest performing materials in wearables typically comes at a high cost. However, with the advancement of new technology, it becomes possible to utilize more widely available and cost-effective anodes without compromising on performance. This approach allows for the efficient operation of wearables while also offering a cost benefit, addressing the economic challenges associated with high-performance materials.
Overcoming Adoption Barriers
One of the key reasons for the slower adoption rate of consumer wearables is the charging rate. The utility of these products can be increased, along with their consumer appeal by extending their battery life and charging timeframes. The advantages of the next generation of batteries—faster charging, longer battery life, and improved device dependability—can greatly accelerate wearables’ uptake.
Advancing Wearable Technology
By tackling the crucial problem of battery duration, coupled with a fast charge capability, lithium-metal anode technology would propel the wearables business forward. An emphasis on sustainability and safety guarantees that these developments help both consumers and the environment, while our smaller, more efficient batteries provide designers the freedom to develop creative new gadgets.
Transforming the Landscape of Wearable Technology
Lithium-metal anode battery technology brings numerous benefits to the consumer wearables sector:
- Longer Battery Life: Wearable devices will last much longer on a single charge, addressing a significant pain point for users.
- Increased Monitoring Time: Faster charging means users can monitor their health and activities for extended periods without interruption.
- Reduced Equipment Needs: With longer battery life and faster charging, users will need fewer duplicate products to cover charging times, simplifying their tech ecosystem.
Imagine being able to monitor your heart activity and more to manage health conditions without worrying if your device has enough power? With improved battery longevity, users can rely on their wearables for consistent health insights, making it easier to identify trends and make informed lifestyle changes. This seamless integration into daily life not only promotes better health management but also empowers users to take proactive steps towards their well-being.
These enhancements not only improve the user experience but also pose the potential to increase the adoption rate of consumer wearables.
Looking Ahead: Shaping the Future of Wearable Technology
Wearables have a bright future because of AI and cutting-edge battery technology, which will greatly enhance their usability, dependability and functionality. The next generation of batteries are revolutionising the wearables market and paving the way for a new era of technological innovation by emphasising sustainability, increased energy density, quicker charging times, and improved safety features.
Business
The Future of Observability: Empowering businesses through data-driven transformation
Karthik SJ, General Manager AI, LogicMonitor
The tech industry is at the cusp of a revolution, where digital transformation has shifted from aspiration to necessity. At its heart lies observability – a critical enabler for organisations navigating the complexity of modern IT infrastructures. Observability goes beyond monitoring systems or tracking performance; it transforms vast streams of system data into actionable insights that drive real-time decisions, improve operational efficiency, and ensure business resilience.
Observability: The foundation of digital transformation
The digital transformation journey requires businesses to adopt a more sophisticated approach to managing their IT ecosystems. As organisations scale and evolve, they rely on a growing array of technologies, from cloud services to hybrid infrastructures, microservices, and containers. Parallel to increasing complexity, is a need for more granular visibility into system performance, security, and user experience.
This is where observability becomes essential, unlike traditional monitoring which typically tracks basic metrics like uptime and system health, observability provides a much deeper understanding of how systems are functioning and why. It enables businesses to not only detect issues but also diagnose the root causes, empowering data-driven decisions that improve performance across the organisation.
Converting raw data into insightful knowledge is vital in a world where companies need to function more quickly and efficiently. Beyond simply detecting issues, observability’s power lies in its ability to help organisations foresee problems before they cause operational disruptions. This proactive strategy helps businesses maintain uptime, optimise resources, and, ultimately, deliver superior customer experiences.
The rise of AI-powered observability
As organisations grapple with increasingly complex hybrid IT environments, AI-powered observability has emerged as a cornerstone of innovation. These solutions go beyond ensuring uptime-they provide actionable intelligence that enables businesses to optimise IT operations and address challenges proactively. With 68% of organisations leveraging AI tools for anomaly detection, root cause analysis, and real-time threat detection, the demand for advanced observability tools is surging. This trend reflects a growing recognition that these tools are no longer just a technical necessity but a strategic enabler of business success. Observability empowers enterprises to stay ahead by driving efficiency, resilience, and adaptability in an ever-evolving digital landscape.
The path ahead: The convergence of AI and observability
As we approach 2025, businesses harnessing AI-powered observability are poised to gain a significant competitive edge over those still relying on traditional monitoring solutions. This shift is underscored by the fact that 81% of enterprises plan to boost their AI investments in the coming year focusing on predictive analytics, automation, and anomaly detection to further optimise data centers and support AI-driven innovation. The integration of AI with observability is not just about identifying problems – it’s about enabling businesses to anticipate challenges, enhance operations, and sustain a competitive edge.
For LogicMonitor, the coming year is about driving innovation in an industry that’s evolving as fast as our customers’ needs. By working closely with our clients like TopGolf and Franke, we’re helping them navigate this transformation with confidence. As observability technology becomes increasingly essential, we’re committed to empowering businesses to thrive without being held back by technological limitations.
Observability’s ever-more-important role in 2025
As 2025 approaches, observability is set to become even more integral to IT operations, compliance, and innovation. Regulations like the EU’s Digital Operational Resilience Act (DORA) which mandates robust ICT risk management and incident reporting for financial services,highlight the critical need for continuous observability throughout the development cycle. This shift will accelerate the adoption of Observability-Driven Development (ODD), a strategic approach to managing the complexities in distributed systems and microservices architectures.
The expansion of observability is driven by the increasing necessity to monitor applications, infrastructure, and services across diverse and dynamic environments while staying resilient and improving customer experience. As data volumes grow, organisations will face increased scrutiny over observability spending, making it even more crucial that they align with regulation to enhance operational resilience and compliance. AI-powered observability systems will continuously learn from new data, user feedback, and past incidents, allowing them to improve over time and become more accurate and effective at identifying anomalies, reducing noise, and pinpointing root causes.
One thing is clear as the observability landscape develops further: businesses that make investments in cutting-edge, AI-powered observability solutions will be better prepared to meet tomorrow’s problems and thrive in the rapidly shifting digital economy.