2. CyberSecurity is no longer an option for business
Over time, cyberattacks on financial companies have increased in sophistication. Cybercriminals are now attacking
financial institutions with very advanced methods such as ransomware, social engineering and machine learning.
In 2024, cyberattacks joined the top 5 global risks that could present a material crisis for organizations.
Data breaches have become an expensive setback for many organizations, with the global financial sector experiencing
an average cost of nearly 5.97 million U.S. dollars per breach. As these numbers continue to rise, it is clear that the task
of protecting sensitive customer data grows more complex and demanding.
https://phoenix.security/dora-implementation/
3. CyberSecurity
What are the challenges?
• Sophisticated cyberattacks
• Access to data
• New disruptive technologies
• Third-party integration
• Complex architecture
• Lack of skills
• Regulatory constraints
Our mission is to protect our customer data from theft, loss, unauthorized access or fraud despite the increasing challenges.
4. CyberSecurity
Understand your environment
The digital finance sector faces a continuous and evolving cyber threat landscape, where malicious actors constantly rely on advanced and
sophisticated techniques to exploit vulnerabilities and compromise the security of financial institutions, transactions and sensitive
customer data. As you cannot protect what you don't know, it is crucial to understand your environment and the corresponding threats
and threat actors. Many cybersecurity frameworks exist to support you in assessing your environment and in selecting security measures that better
protect customer data.
https://finance.ec.europa.eu/digital-finance/cyber-resilience_en
Know your threat landscape: data breach – data loss – ransomware – insider threats – supply chain – regulatory
Know your control environment (As-Is situation): Level 1 – Level 2 – Level 3 – Level 4 – Level 5
Choosing the right Framework
https://atwork.safeonweb.be/tools-resources/cyberfundamentals-framework/choosing-right-cyber-fundamentals-assurance-level-your-organisation
5. Since each organization has different business objectives, a different strategy, a different risk exposure, a different
control environment maturity and different resources, each board needs to set its own direction and tone for the cybersecurity
journey. Obviously
o the roadmap
o the budget
o the timeline
o the governance
o …
to reach the target should also be specific to the organization. Strong support from senior management is not optional.
CyberSecurity
The path to reach the target
There is no wrong strategy…
Nevertheless, the target will not be reached without:
o A strong sponsorship by the Senior Management
o A clear commitment on the Risk Appetite
o A clear communication about the priorities
o Adequate resources to get the best results
o A continuous monitoring of the control effectiveness
o A transparent report towards the key stakeholders
There are different ways to go to the moon (from As-Is to To-Be)
Think big, Start small and grow fast …
6. CyberSecurity is not a one-shot program: as the threat landscape is constantly evolving and the target is moving, we must keep
Monitoring – Measuring – Testing – Remediating – Reporting
CyberSecurity
@DegroofPetercam – It’s a never-ending story
7. CyberSecurity
As a bank we expect from a Fintech …
https://finance.ec.europa.eu/digital-finance/cyber-resilience_en
• Follow GDPR requirements
• Encrypt active data (at rest & in motion)
• Isolate and Encrypt backups
• Support any kind of authentication (MFA)
• Implement a patch management process
• Secure your entire Development life cycle (SDLC)
• Train your employees via a security awareness program
• Regularly perform pentests on critical & exposed systems
• Incident Management process in place
• Monitoring & logging capabilities
• Frequently test your backup policy (in line with your BIA)
• ISO certification or a SOC type 2 report
Continuous Vulnerability Management – Operational Resilience – Data Privacy
Challenges
• Gaining executive buy-in
• Reviewing ICT third-party providers will require a huge sorting effort to focus on the most critical ones.
• Test resilience capabilities on a regular basis
• Timely and transparent incident reporting
Opportunities
• DORA brings a holistic approach to ICT risk management.
• DORA is harmonizing efforts to protect customer data.
• DORA is clearly focusing on resilience by combining CyberSecurity, Business Continuity and IT Service Continuity.