{"id":531574,"date":"2024-12-05T09:00:00","date_gmt":"2024-12-05T14:00:00","guid":{"rendered":"https:\/\/www.commvault.com\/?p=531574"},"modified":"2024-12-04T16:04:01","modified_gmt":"2024-12-04T21:04:01","slug":"building-resilience-cyber-recovery-strategies-under-dora","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora","title":{"rendered":"Building Resilience: Cyber Recovery Strategies Under DORA"},"content":{"rendered":"\n
The Digital Operational Resilience Act (DORA) is set to revolutionize the way financial entities approach cybersecurity and operational resilience. As organizations in the EU prepare to comply with this new regulation that takes effect January 17, it\u2019s crucial to understand how DORA will impact cyber recovery strategies. This post delves into the key changes and considerations for enhancing your cyber recovery plans under DORA.<\/p>\n\n\n\n
Understanding DORA<\/h4>\n\n\n\n
DORA aims to ensure that financial entities can withstand, respond to, and recover from all types of operational disruptions and threats. This includes cyberattacks, which have become increasingly sophisticated and frequent. The regulation mandates that financial institutions implement robust operational resilience frameworks, including comprehensive cyber recovery strategies.<\/p>\n\n\n\n
Key Changes in Cyber Recovery Strategies<\/h4>\n\n\n\n
Financial institutions have long had a mandate to protect their data and infrastructure from threats, but DORA aims to increase the overall resilience of financial systems operating in the EU. Here\u2019s how the provisions will affect an organization\u2019s resilience strategies:<\/p>\n\n\n\n
An incident response plan is crucial for swift and effective action in the event of a cyber incident. This plan should outline the steps to be taken immediately after an incident is detected, including containment, eradication, and recovery. Under DORA, incident response plans must be more detailed and regularly tested. This includes:<\/p>\n\n\n\n
\n
Clear roles and responsibilities:<\/strong>\u00a0Define who is responsible for what during a cyber incident.<\/li>\n\n\n\n
Communication protocols:<\/strong>\u00a0Establish clear communication channels with stakeholders, regulators, and customers.<\/li>\n\n\n\n
Regular drills:<\/strong>\u00a0Conduct regular incident response drills to prepare all team members.<\/li>\n<\/ul>\n\n\n\n
2. Data Backup and Recovery<\/h6>\n\n\n\n<\/ol>\n\n\n\n
Data is the lifeblood of any organization, and DORA puts increased emphasis on the importance of its integrity and availability. Organizations must:<\/p>\n\n\n\n
\n
Implement robust backup solutions:<\/strong>\u00a0Ensure that critical data is backed up regularly and stored securely.<\/li>\n\n\n\n
Test recovery procedures:<\/strong>\u00a0Regularly test data recovery procedures to ensure they work as intended.<\/li>\n\n\n\n
Redundancy:<\/strong>\u00a0Maintain redundant systems to minimize downtime during a cyber incident.<\/li>\n<\/ul>\n\n\n\n
Many organizations rely on third-party vendors for various services. However, these vendors can also introduce risks. Effective third-party risk management involves:<\/p>\n\n\n\n
\n
Vendor due diligence:<\/strong>\u00a0Conduct a thorough assessment of the security posture of all third-party vendors.<\/li>\n\n\n\n
Contractual agreements:<\/strong>\u00a0Confirm that vendor contracts include clear requirements for cybersecurity and incident response.<\/li>\n\n\n\n
Ongoing monitoring:<\/strong>\u00a0Continuously monitor third-party relationships to verify compliance, and identify and mitigate risks.<\/li>\n<\/ul>\n\n\n\n
4. Regular Audits and Assessments<\/h6>\n\n\n\n<\/ol>\n\n\n\n
DORA requires regular audits and assessments of cybersecurity measures. This includes:<\/p>\n\n\n\n
\n
Internal audits<\/strong>: Conduct regular internal audits to identify vulnerabilities and areas for improvement.<\/li>\n\n\n\n
External audits<\/strong>: Engage external auditors to provide an independent assessment of your cybersecurity posture.<\/li>\n\n\n\n
Risk assessments<\/strong>: Perform regular risk assessments to identify and mitigate potential threats.<\/li>\n<\/ul>\n\n\n\n
5. Employee Training and Awareness<\/h6>\n\n\n\n<\/ol>\n\n\n\n
Employees are often the first line of defense against cyber threats. Education can help create a culture of vigilance and resilience \u2013 and reduce the risk of human error. Under DORA, organizations must facilitate:<\/p>\n\n\n\n
\n
Regular training:<\/strong>\u00a0Provide regular training to all employees on cybersecurity best practices.<\/li>\n\n\n\n
Awareness campaigns:<\/strong>\u00a0Conduct awareness campaigns to keep employees informed about the latest threats and best practices.<\/li>\n\n\n\n
Simulated attacks:<\/strong>\u00a0Use simulated phishing attacks and other exercises to test employee awareness and response.<\/li>\n<\/ul>\n\n\n\n
While the advent of DORA may change some elements of your overall strategy, the basic framework of implementing a plan should be the same. Here are the steps you can take to keep your organization\u2019s cyber recovery plan in compliance:<\/p>\n\n\n\n
\n
Assess Current Capabilities<\/strong>: Conduct a thorough assessment of your current cyber recovery capabilities to identify gaps and areas for improvement.<\/li>\n\n\n\n
Develop a Comprehensive Plan<\/strong>: Develop a comprehensive cyber recovery plan that addresses all aspects of DORA, including incident response, data backup, third-party risk management, and training.<\/li>\n\n\n\n
Allocate Resources<\/strong>: Allocate the necessary resources, including budget, personnel, and technology, to implement your cyber recovery plan.<\/li>\n\n\n\n
Test and Refine<\/strong>: Regularly test your cyber recovery plan and refine it based on the results. Continuous improvement is key to maintaining operational resilience.<\/li>\n\n\n\n
Document Everything<\/strong>: Document all aspects of your cyber recovery plan, including policies, procedures, and test results. This documentation will be crucial for demonstrating compliance with DORA.<\/li>\n<\/ol>\n\n\n\n
Compliance Should Lead to Resilience<\/h4>\n\n\n\n
DORA represents a significant shift in how financial entities approach cybersecurity and operational resilience. By enhancing incident response plans, implementing robust data backup and recovery solutions, managing third-party risks, conducting regular audits and assessments, and providing comprehensive training and awareness, organizations can build resilient cyber recovery strategies that comply with DORA.<\/p>\n\n\n\n
As the regulatory landscape continues to evolve, it\u2019s essential to stay informed and adapt your strategies accordingly. By proactively addressing the requirements of DORA, you can prepare your organization to withstand, respond to, and recover from cyber incidents, ultimately safeguarding your operations and reputation.<\/p>\n","protected":false},"excerpt":{"rendered":"
We\u2019ll help you understand the changes designed to protect financial organizations.<\/p>\n","protected":false},"author":171,"featured_media":531575,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_custom_css":"","_custom_js_footer":"","_page_background_color":"","_remove_from_search":false,"_dark_mode":false,"_light_footer_mode":false,"_sidebar_form":{"id":"","name":"","cta":"","redirect":""},"_alert_notification_bar":{"show":true,"bg_color":"","content":"","call_to_action_label":"","call_to_action_link":""},"_footer_cta":{"show":false,"title":"","subtitle":"","cta_text":"","cta_link":"","background":{"id":0,"url":""}},"_cmv_customer_logo":{"id":0,"url":""},"_jetpack_memberships_contains_paid_content":false,"i18n_hreflangs":"","footnotes":""},"categories":[207,1541,1446,975,209,1542],"tags":[],"cmv_author":[1538],"class_list":{"0":"post-531574","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-backup-2","8":"category-backup-and-recovery","9":"category-cyber-resilience","10":"category-cybersecurity","11":"category-disaster-recovery-2","12":"category-disaster-recovery","13":"cmv_author-the-collaborative","14":"entry"},"yoast_head":"\n
Building Resilience: Cyber Recovery Strategies Under DORA | Blog<\/title>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n\n\n\n\n\n\t\n\t\n\t\n","yoast_head_json":{"title":"Building Resilience: Cyber Recovery Strategies Under DORA | Blog","description":"This post delves into the key changes and considerations for enhancing your cyber recovery plans under DORA.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora","og_locale":"en_US","og_type":"article","og_title":"Building Resilience: Cyber Recovery Strategies Under DORA","og_description":"This post delves into the key changes and considerations for enhancing your cyber recovery plans under DORA.","og_url":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora","og_site_name":"Commvault - English - United States","article_publisher":"https:\/\/www.facebook.com\/Commvault\/","article_published_time":"2024-12-05T14:00:00+00:00","article_modified_time":"2024-12-04T21:04:01+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/12\/Social_BLOG-Dora_1_Linkedin-02B.png","type":"image\/png"}],"author":"unguyen","twitter_card":"summary_large_image","twitter_creator":"@commvault","twitter_site":"@commvault","twitter_misc":{"Written by":"unguyen","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora#article","isPartOf":{"@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora"},"author":{"name":"unguyen","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/dba72b5a781f4b5fd095bc52380eb45c"},"headline":"Building Resilience: Cyber Recovery Strategies Under DORA","datePublished":"2024-12-05T14:00:00+00:00","dateModified":"2024-12-04T21:04:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora"},"wordCount":786,"publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/12\/Social_BLOG-Dora_1_Linkedin-02B.png","articleSection":["Backup and Recovery","backup-and-recovery","Cyber Resilience","Cybersecurity","Disaster Recovery","disaster-recovery"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora","url":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora","name":"Building Resilience: Cyber Recovery Strategies Under DORA | 
Blog","isPartOf":{"@id":"https:\/\/commvault-new.go-vip.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora#primaryimage"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/12\/Social_BLOG-Dora_1_Linkedin-02B.png","datePublished":"2024-12-05T14:00:00+00:00","dateModified":"2024-12-04T21:04:01+00:00","description":"This post delves into the key changes and considerations for enhancing your cyber recovery plans under DORA.","breadcrumb":{"@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora#primaryimage","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/12\/Social_BLOG-Dora_1_Linkedin-02B.png","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/12\/Social_BLOG-Dora_1_Linkedin-02B.png","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.commvault.com\/blogs\/building-resilience-cyber-recovery-strategies-under-dora#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.commvault.com\/"},{"@type":"ListItem","position":2,"name":"Building Resilience: Cyber Recovery Strategies Under DORA"}]},{"@type":"WebSite","@id":"https:\/\/commvault-new.go-vip.net\/#website","url":"https:\/\/commvault-new.go-vip.net\/","name":"Commvault - English - United 
States","description":"","publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/commvault-new.go-vip.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/commvault-new.go-vip.net\/#organization","name":"Commvault","url":"https:\/\/commvault-new.go-vip.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","width":1200,"height":628,"caption":"Commvault"},"image":{"@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Commvault\/","https:\/\/x.com\/commvault","https:\/\/www.instagram.com\/commvault\/","https:\/\/www.linkedin.com\/company\/commvault","https:\/\/www.youtube.com\/user\/commvault","https:\/\/en.wikipedia.org\/wiki\/Commvault"]},{"@type":"Person","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/dba72b5a781f4b5fd095bc52380eb45c","name":"unguyen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/564707f567262bb740287c608ef955e5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/564707f567262bb740287c608ef955e5?s=96&d=mm&r=g","caption":"unguyen"}}]}},"jetpack_featured_media_url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/12\/Social_BLOG-Dora_1_Linkedin-02B.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/531574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.com
mvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/users\/171"}],"replies":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/comments?post=531574"}],"version-history":[{"count":5,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/531574\/revisions"}],"predecessor-version":[{"id":531612,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/531574\/revisions\/531612"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media\/531575"}],"wp:attachment":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media?parent=531574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/categories?post=531574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/tags?post=531574"},{"taxonomy":"cmv_author","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/cmv_author?post=531574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}