#5: Rethinking Cyber Resilience in Finance

22nd June 2023


With:

Manit Sahib (Picnic Corporation)

Wiebe Ruttenberg (SecAlliance)


The discussion highlights a critical regulatory pivot: DORA (Digital Operational Resilience Act) and NIS2 are no longer just IT checklists; they are strategic mandates for senior management. Manit Sahib explores the "Human Attack Surface," noting that 95% of breaches involve human error, while Wiebe Ruttenberg provides a masterclass on Threat-Led Penetration Testing (TLPT). Together, they explain how frameworks like TIBER-EU are being codified into law, requiring banks to simulate sophisticated, real-world attacks to prove their resilience.

A central theme is the "Continuous Compliance" paradigm. Under DORA, critical third-party ICT providers (like cloud giants) fall under direct oversight for the first time. The guests explore how Suptech—specifically automated reporting and real-time risk dashboards—is the only way for regulators to manage the massive influx of incident data that these new laws require.

The session covered: 

  • The Regulation vs. Directive Distinction: Understanding why DORA (Regulation) is a "drill sergeant" for finance, while NIS2 (Directive) sets the safety floor for the broader economy.

  • The "Lex Specialis" Principle: Why DORA takes precedence for financial institutions, overriding the more general requirements of NIS2 to ensure sector-specific stability.

  • Threat-Led Penetration Testing (TLPT): How DORA mandates intelligence-led "Red Teaming" every three years to battle-test critical systems against actual adversary tactics (TTPs).

  • Supply Chain Sovereignty: Analyzing the new "audit and access" rights that banks must now secure in their contracts with ICT third-party providers.

  • The Human Element: Why "Managed Empathy" and security culture are more effective than technical controls in neutralizing social engineering pathways.

  • Suptech as an Enabler: How supervisory technology allows authorities to move from "reading reports" to "monitoring pulses," using automated data feeds to detect contagion in real time.
