With the influx of English acronyms and new regulations in the financial sector, the challenge of complying with the Digital Operational Resilience Act (DORA) is causing a stir in the financial world. Find out more about what DORA requires and learn about Sii Poland's specialized services for aligning processes with national and global regulatory standards.
As the digital world evolves, we are bombarded with terms such as phishing, vishing, smishing, APP (Authorised Push Payment) fraud, PSD3, the AI Act, ATO, BEC and DORA, among others. Regulations, fraud threats and directives are multiplying rapidly, so it is important to stay on top of each one. Ignoring any of these regulations is not an option.
The relationship between financial institutions and suppliers
Financial institutions have for some time been focusing on establishing smooth collaboration with their suppliers. This collaboration is often multifaceted because of the variety of cooperation models and the number of suppliers involved, which introduces multiple challenges.
— Central to this is third-party risk management, which involves managing the chain of external suppliers and services and the associated risks. This is a vital issue, especially highlighted in the banking sector, particularly among insurance companies, credit institutions, investment firms, and lending companies — comments Artur Walendzik, Banking Consultant at Sii Poland.
DORA — a glimpse into the future of cybersecurity in finance
Third-party risk management now falls under the new DORA regulation, which introduces significant changes for cybersecurity services in the financial sector. It is important to remember that this is a two-sided coin: while financial institutions are in the spotlight, ICT suppliers are also significantly affected by DORA requirements.
Notably, the essence of DORA is not just about stipulated compliance but ensuring the proper security of organizational processes.
Key requirements of DORA
Among the entities covered by DORA, those most affected will be financial institutions that until now have not been tightly regulated on security, notably smaller non-bank financial entities. The DORA requirements can be summarized as follows:
- Risk management procedure: Describe and identify the types of risk, then assess in detail how critical and hazardous each one is.
- Incident response capability: Organizations must either have an internal team to manage security incidents or work with an external firm that provides such services.
- Agreements with external testers: These are essential for carrying out regular penetration tests of systems.
- Third-party risk management processes: These are needed to oversee and evaluate subcontractors' systems.
- Communication with institutions: Security teams should liaise with bodies such as the national CERT to share information about newly identified threats.
Sii’s cybersecurity project for a leading commercial bank in Poland
Having extensive industry experience, Sii Poland ensures that banking institutions meet and surpass regulatory compliance standards in the evolving financial landscape.
In response to the increasing prevalence of e-banking fraud, a leading Polish commercial bank headquartered in Katowice recognized the need to improve its anti-fraud measures. However, the bank was unsure how to proceed with its existing tools and turned to Sii Poland for assistance.
Sii Poland thoroughly reviewed the bank’s existing measures and identified critical gaps in their security. Then, the expert team developed customized anti-fraud strategies tailored to the bank’s challenges.
Thanks to Sii Poland's expertise, the bank was able to meet regulatory standards and significantly reduce its response times to potential threats. It also improved the quality of its security and reduced operational costs. This successful collaboration demonstrates the value of seeking specialized assistance when facing complex challenges.
Examples of Sii’s global projects in the banking sector
Sii Poland’s track record in the banking sector extends beyond the Polish borders and addresses various aspects of cybersecurity and data protection.
The company provided dedicated teams of Service Managers, DLP Analysts and DLP Engineers to implement Data Loss Prevention (DLP) systems for a Swiss-based global wealth manager recognized as one of the world's nine bulge bracket banks. After analyzing the client's specific data protection requirements, Sii implemented the necessary data protection systems and rules, resulting in heightened security for the bank's critical corporate data.
Similarly, when a Fortune 500 financial services company experienced recurring customer data leaks, Sii Poland resolved the issue by implementing and continuously monitoring a Data Loss Prevention tool. They managed all data leak incidents, quickly assessing whether they were intentional or accidental and taking immediate action when required. By improving and rigorously testing DLP rules, Sii minimized the risk of data leakage and increased customer data protection while adhering to strict Service Level Agreement timelines.
— In the ever-changing world of technology, banks need to prioritize digital resilience to remain operational — says Michał Żelazowski, Head of Banking at Sii Poland. — At Sii, we don’t just implement the latest technologies. We also ensure they are resilient to evolving threats, as operating efficiently in a digital environment is not enough. We also strive to ensure that our customers remain resilient even in the face of threats — he adds.