Countdown to DORA Enforcement: Timely, Comprehensive Incident Reporting
The Digital Operational Resilience Act (DORA) applies from January 17, 2025, and that date is closing in. Ahead of it, financial entities operating in the European Union, and the ICT service providers that support them, must address several key factors, including establishing and maintaining a robust incident reporting framework. Doing so requires a better understanding of how data and business processes can serve as the foundation for more proactive incident response and for the reporting DORA requires.
Incident reporting is especially critical on the heels of last week’s CrowdStrike outage, in which a faulty Falcon sensor content update crashed Windows hosts, including workloads running on Microsoft Azure, derailing business operations for global banks, airlines and other critical organizations and causing major delays for their customers. The widespread outage underscores the importance of having a system in place to detect and report degradations of service, whether caused by an IT failure or a cyberattack.
DORA Raises the Bar for Incident Reporting
While ECI doesn’t rely on CrowdStrike, the event’s impact on Microsoft Azure did affect our clients, showing how far the fallout of an ICT incident can spread. It demonstrates why all organizations need to strengthen incident detection and reporting, as DORA intends, so that such events are identified, classified and remediated quickly and their impact on customers is contained.
DORA dramatically raises the bar for incident management, classification and reporting. Firms must have a documented incident management process detailing how they detect and classify incidents, manage notifications and carry out reporting. Chapter III of the regulation requires financial entities to report major ICT-related incidents to their competent authority, and the reports must contain “all information necessary for the competent authority to determine the significance of the major ICT-related incident and assess possible cross-border impacts.” Reporting is staged: an initial notification, an intermediate report and a final report once the root cause analysis has been completed.
The final report must therefore include the root cause, not just the symptoms. Separately, DORA’s ICT risk management framework requires firms to maintain a risk register of ICT-related risks and their impact on the organization; once established, this register must be periodically reviewed and agreed upon by key stakeholders. All major incidents must be reported to the regulator in an incident report, and clients must be informed without undue delay where an incident affects their financial interests.
For many firms, meeting these stipulations means solving major challenges around both data and business processes. A firm that does not understand its data, the business context around it and the workflows that depend on it will struggle to detect incidents and to report their nature and criticality accurately. The same gap makes it difficult to assess risks proactively, which is why strong incident reporting has to be founded on a more disciplined use of data for insight and for documenting incidents.
How eXtended Detection and Response (XDR) Enhances Incident Reporting
To comply with DORA, a firm’s incident reporting must give teams a deeper understanding of its data and processes, which in turn supports stronger and more proactive contextualization of alerts and documentation of issues. An advanced approach to eXtended Detection and Response (XDR) makes those capabilities possible.
Gartner defines XDR as “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” That definition describes native, single-vendor XDR; an open, vendor-agnostic, cloud-based XDR platform instead ingests telemetry from any source (endpoints, identity providers, cloud and SaaS logs, network sensors) and generates highly contextualized security alerts for SOC teams to analyze and act upon.
XDR is critical to incident reporting because its capabilities help firms achieve a high degree of precision when contextualizing and documenting security alerts and incidents. As organizations recover from the CrowdStrike outage, they must establish the full scope of what the incident affected, which calls for a business impact analysis driven by analytics from a strong XDR tool. For instance, ECI’s XDR solution includes AI-driven behavioral analysis to help SOC teams flag suspicious patterns such as late-night logins or impossible travel by an employee account, and its risk assessment raises the criticality when multiple such signals (a late-night login plus impossible travel) coincide for the same account.
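The correlation the paragraph above describes (a late-night login and impossible travel on the same account raising criticality) can be shown in code. The following Python is an added example written for this post, not ECI’s XDR code. It assumes login events already enriched with the source IP’s geolocation, a 07:00–20:00 UTC business-hours window, a 900 km/h travel-plausibility threshold, and a handful of constructed sample events; all of those are assumptions, not values from the page.

```python
"""Off-hours and impossible-travel detection with per-account risk scoring.

Added example, not ECI's code. Two behavioural rules run over constructed,
geolocation-enriched login events; repeated hits are de-duplicated and an
account whose hits coincide gets a higher severity. Business hours, the speed
threshold and the sample events are assumptions for this illustration.
"""
import math
from datetime import datetime, timezone

BUSINESS_HOURS_UTC = (7, 20)   # assumption: 07:00-20:00 UTC is "normal"
MAX_PLAUSIBLE_KMH = 900.0      # assumption: roughly commercial-flight speed
EARTH_RADIUS_KM = 6371.0
RULE_WEIGHT = {"off_hours": 1, "impossible_travel": 3}

# Constructed sample events (IPs from RFC 5737 documentation ranges),
# assumed already enriched with the source IP's latitude/longitude.
SAMPLE_EVENTS = [
    {"user": "m.lee",   "ts": "2024-07-22T02:30:00Z", "ip": "192.0.2.44",   "lat": 48.8566, "lon": 2.3522},
    {"user": "m.lee",   "ts": "2024-07-22T03:15:00Z", "ip": "192.0.2.44",   "lat": 48.8566, "lon": 2.3522},
    {"user": "s.kim",   "ts": "2024-07-22T08:00:00Z", "ip": "203.0.113.10", "lat": 51.5074, "lon": -0.1278},
    {"user": "r.patel", "ts": "2024-07-22T11:00:00Z", "ip": "203.0.113.99", "lat": 51.5074, "lon": -0.1278},
    {"user": "s.kim",   "ts": "2024-07-22T12:00:00Z", "ip": "192.0.2.80",   "lat": 48.8566, "lon": 2.3522},
    {"user": "a.jones", "ts": "2024-07-22T22:10:00Z", "ip": "203.0.113.10", "lat": 51.5074, "lon": -0.1278},
    {"user": "a.jones", "ts": "2024-07-22T23:20:00Z", "ip": "198.51.100.7", "lat": 40.7128, "lon": -74.0060},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def is_off_hours(dt):
    start, end = BUSINESS_HOURS_UTC
    return not (start <= dt.hour < end)


def detect(events):
    """Apply both rules to events in time order; return one finding per hit."""
    findings = []
    last_seen = {}  # user -> previous login, for the travel check
    for ev in sorted(events, key=lambda e: e["ts"]):
        dt = parse_ts(ev["ts"])
        if is_off_hours(dt):
            findings.append({"user": ev["user"], "rule": "off_hours",
                             "detail": f"login at {ev['ts']} from {ev['ip']}"})
        prev = last_seen.get(ev["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (dt - parse_ts(prev["ts"])).total_seconds() / 3600
            # Zero elapsed time over a real distance is impossible too.
            speed = km / hours if hours > 0 else math.inf
            if km > 0 and speed > MAX_PLAUSIBLE_KMH:
                findings.append({"user": ev["user"], "rule": "impossible_travel",
                                 "detail": f"{km:.0f} km in {hours * 60:.0f} min"})
        last_seen[ev["user"]] = ev
    return findings


def dedupe(findings):
    """Collapse repeated hits of the same rule for the same user into one."""
    merged = {}
    for f in findings:
        key = (f["user"], f["rule"])
        if key in merged:
            merged[key]["count"] += 1
        else:
            merged[key] = dict(f, count=1)
    return list(merged.values())


def severity(score):
    if score >= 4:
        return "critical"
    if score >= 3:
        return "high"
    return "medium"


def build_alerts(events):
    """One alert per account; coinciding rules add up to a higher severity."""
    alerts = {}
    for f in dedupe(detect(events)):
        alert = alerts.setdefault(f["user"], {"user": f["user"], "rules": [], "score": 0})
        alert["rules"].append(f["rule"])
        alert["score"] += RULE_WEIGHT[f["rule"]]
    for alert in alerts.values():
        alert["severity"] = severity(alert["score"])
    return alerts


if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_EVENTS).values():
        print(f"{alert['user']:8} {alert['severity']:8} {', '.join(alert['rules'])}")
```

Running the block prints one line per flagged account: a.jones is rated critical because both rules fire on the same account (a London login at 22:10 UTC followed 70 minutes later by one from New York), while m.lee’s two off-hours logins from the same address collapse into a single medium alert and the two daytime users produce nothing. In production the business-hours window would come from each user’s home time zone rather than a fixed UTC range, and the speed threshold from the firm’s travel policy.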
This same level of sophistication applies to understanding and documenting risk. For instance, the risk to proprietary information or personally identifiable information (PII) in business contracts differs depending on how that information is gathered and managed: if contracts are executed via email, the major risks are business email compromise and social engineering; if an electronic signature vendor is used, third-party risk becomes the more relevant concern.
Further Enhancing Incident Reporting with the ECI MXDR Platform
An advanced XDR platform can perform the above functions and capture the information needed to report incidents to the competent authorities under DORA, while also documenting the firm’s underlying processes and reporting framework. ECI also offers a Managed XDR (MXDR) service that further simplifies and strengthens XDR deployment for alternative investment firms of any size.
Our MXDR platform facilitates incident reporting by deploying XDR with ECI as trusted IT partner managing the integration and configuration work needed to get the most out of the XDR investment. Reports are more accurate, timely and contextualized thanks to AI/ML tools for automated alert management that surface the most important alerts and suppress false positives, duplicate alerts and other noise.
These capabilities are managed on an ongoing basis by seasoned security professionals who continually tune detections and add protections to safeguard systems from incoming attacks. Throughout, our MXDR service draws on the MITRE ATT&CK framework and on threat intelligence from our subscription to the Financial Services Information Sharing and Analysis Center (FS-ISAC) and other feeds.
Taken together, these capabilities position firms to meet and exceed DORA’s requirements for incident reporting, and to do so quickly enough to have a compliant reporting framework in place before the January 17, 2025 deadline. Our next post in this series will look at how firms can meet DORA’s mandate for a digital operational resilience strategy.