Tag Archive for: Cyber resilience

The global financial sector has been slammed with high-profile cyber incidents, placing trust in financial systems in jeopardy. These cyber attacks are extremely costly and widespread. Large corporations are not the only losers in this battle. Citizens also suffer directly when data protection and the integrity of financial transactions are compromised.

Some of the most impactful breaches of financial entities in the EU and globally include:

  • Equifax (2017): Breached via an unpatched vulnerability in Apache Struts, leading to the theft of Social Security Numbers (SSN), birthdates, addresses and driver’s licenses of 147 million people.
  • UniCredit (2018): Italy’s second-largest bank exposed the Personally Identifiable Information (PII) of 778,000 clients; the Italian DPA finally issued a €2.8 million fine for the breach in 2024.
  • Capital One (2019): Attackers exploited a misconfigured firewall to breach Capital One and steal the PII of 106 million individuals.
  • Finastra (2023): The UK-based fintech provider servicing global banks was breached via its secure file-transfer system, resulting in the theft of over 400 GB of sensitive financial data from major banking clients.
  • UBS and Pictet (2025): A third-party cyberattack on Chain IQ exposed the PII of over 130,000 employees, including contact information for top executives.
  • Bybit (2025): North Korean hackers stole $1.5 billion worth of Ethereum from Bybit’s cold wallet, marking the biggest crypto exchange hack ever recorded.

These incidents emphasize the strategic importance of securing financial technology providers. Cyber attacks against banks include fraudulent wire transfers, ATM hacking, POS malware and data theft. Arguably, the impact of sensitive PII being stolen is even worse than simply stealing money. Stolen identities (names, SSNs, addresses and other PII) are later sold on darknet marketplaces and used by attackers to commit identity theft, open fraudulent bank accounts or lines of credit, and conduct social engineering against individuals directly. Geopolitical tensions place data theft victims at further risk; hostile nation states and legally ambiguous intelligence brokers collect intelligence on individuals for surveillance, intimidation campaigns or worse.

In response to escalating threats, the Digital Operational Resilience Act (DORA) exists to strengthen the EU financial sector’s cybersecurity posture with greater safeguards. This new legal framework is a pivotal piece of legislation within the EU’s financial regulatory framework, intended to stabilize consumer trust and bolster business confidence.

How OPENVAS SECURITY INTELLIGENCE by Greenbone Supports DORA Compliance:

  • Vulnerability management is a fundamental IT security activity with a well-established benefit to operational resilience. OPENVAS SCAN by Greenbone is an industry-leading vulnerability scanner with a proven track record.
  • Our OPENVAS ENTERPRISE FEED has industry-leading coverage for CVE detection as well as other network and endpoint vulnerability detection.
  • OPENVAS SCAN can identify the encryption protocols allowed by network services to ensure data-in-transit is compliant with data security best practices.
  • Our compliance scans can attest security hardened configuration for a wide range of operating systems (OS) and applications. This includes certified CIS Benchmarks for Apache HTTPD, Microsoft IIS, NGINX, MongoDB, Oracle, PostgreSQL, Google Chrome, Windows 11 Enterprise, Linux, and more [1][2].
  • All OPENVAS SECURITY INTELLIGENCE components are designed for absolute data sovereignty; your organization’s data never needs to leave the organization.
  • Our core product line is open source, time tested and open to external review by customers and community members alike. This visibility helps streamline the auditing of third-party ICT service providers.
  • OPENVAS REPORT by Greenbone is specially tailored to support evidence gathering and data retention for compliance reporting.
  • As an active ISO/IEC 27001:2022 and ISO 9001:2015 certified organization, Greenbone is dedicated to the most stringent quality standards for Information Security. Our ISO 14001 certification for Environmental Management Systems shows our continued commitment to things that matter.

The EU’s Digital Operational Resilience Act (DORA)

DORA is an EU regulation published in the Official Journal of the European Union on January 16, 2023, which came into force on January 17, 2025. DORA is part of the EU’s broader Digital Finance Strategy, and its goal is to standardize cybersecurity governance and risk management requirements, strengthening the operational resilience of financial entities in the EU. The act applies to 20 different types of financial entities including banks, insurance companies, investment firms and Information and Communication Technology (ICT) third-party service providers (TPP).

But aren’t financial entities subject to NIS 2 regulation as Essential Entities (EEs)?

Yes, but under Article 4 of NIS 2, financial services firms covered by DORA—such as banks, investment firms, insurance institutions, and financial market infrastructures—must fully adhere to DORA’s requirements when it comes to cybersecurity risk management and incident reporting. Also, any other sector-specific equivalent EU mandates that apply to risk management or incident reporting must take precedence over the corresponding provisions in NIS 2.

Who are the European Supervisory Authorities (ESAs)?

There are three formally designated ESAs responsible for issuing Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) which clarify DORA’s requirements. The ESA entities are:

  • The European Banking Authority (EBA) [1]
  • The European Insurance and Occupational Pensions Authority (EIOPA) [2]
  • The European Securities and Markets Authority (ESMA) [3]

What are Regulatory Technical Standards (RTS)?

As the name implies, RTS define the required technical standards that entities covered by DORA must adhere to. RTS documents provide detailed guidance to ensure consistent application of DORA across the EU financial sector [4].

The final draft Regulatory Technical Standards are:

  • ICT risk management framework and simplified ICT risk management framework [5]
  • Criteria for the classification of ICT-related incidents [6]
  • Policy on ICT services supporting critical or important functions provided by TPPs [7]

What are Implementing Technical Standards (ITS)?

ITS are detailed rules that specify how financial entities must comply with obligations. They translate DORA’s general provisions into precise operational, procedural, and reporting standards. ITS address incident reporting, tracking of ICT TPP relationships and assessments, threat-led penetration testing (TLPT), and cyber threat information sharing.

  • The final draft ITS of templates for the register of information [8]

The Scope of DORA’s Impact on IT Security

Here are the fundamental IT security principles that DORA impacts:

  1. Risk Management: DORA mandates that financial entities implement robust IT Risk Management Frameworks (RMF) to reduce their operational risks.
  2. Incident Reporting: Fully regulated entities must report major cybersecurity incidents to their national authorities within 24 hours following a standardized format. However, small, non-interconnected, and exempt entities are eligible for reduced reporting requirements.
  3. Third-Party Risk: DORA establishes stricter oversight and accountability for how financial entities manage their relationships with third-party ICT service providers.
  4. Security Testing: Financial entities must conduct regular security assessments of their digital systems to improve resilience against cyber threats.
  5. Information Sharing: For improved information sharing between financial institutions and relevant authorities, entities are encouraged to report emerging threats if they may be relevant to others.

Summary

High-profile cyberattacks have exposed deep digital weaknesses in the financial sector, prompting the EU to enact and, as of January 17th, 2025, enforce the Digital Operational Resilience Act (DORA). Greenbone is an ally to support DORA compliance for covered entities with our established and trusted suite of enterprise vulnerability management products and compliance reporting tools. Our products support resilient data sovereignty and detailed security assessment reporting.

True cyber risk mitigation is not simply about meeting compliance checkboxes. Defenders must be proactive in detecting emerging risks as early as possible to strengthen operational resilience. Greenbone enables early awareness of security vulnerabilities allowing the IT defenders of Europe’s financial entities to fix them before cyber breaches occur.

Why is Greenbone not a security provider like any other? How did Greenbone come about and what impact does Greenbone’s long history have on the quality of its vulnerability scanners and the security of its customers? The new video “Demystify Greenbone” provides answers to these questions in a twelve-minute overview. It shows why experts need […]

Earthquakes and cyber attacks have much in common. First: The forces are outside of our control and we cannot prevent them from happening.

Second: We are not helplessly at their mercy. We can install early warning, minimize the destructive effect and recover quickly. But only if we act BEFORE it happens.

Sure, earthquakes are about human lives and cyber attacks so far usually are not. Yet I think this comparison is important because it makes it easier to understand the significance of cyber attacks and the options for action.

Of course there are also differences, and the most striking one to me is the average frequency of occurrence. This vivid direct comparison shows the parallels:

| We have no technology to prevent them from happening, but… | Earthquake | Cyber Attack |
|---|---|---|
| We have prognosis models for where they most likely happen | Tectonic models | Vulnerability intelligence |
| We have sensors that provide early warnings shortly before it happens (sometimes they fail, though, with false positives and false negatives) | Seismographs | Vulnerability scanning and threat intelligence |
| We have a scale to compare events by potential damage | Richter magnitude scale: ranges from 1.0 to 9.9. Sometimes the effect is just shaking indoor objects and sometimes it is the collapse of buildings | Severity Score: ranges from 0.1 to 10.0. Sometimes you have some extra network load and sometimes a remote administrative exploit |
| …you can do something to minimize negative impact: | | |
| Make your infrastructure stable against this type of force | Obligatory architecture designs; overview and controlling of compliance | Obligatory security policies; detection and limitation of attack surface: vulnerability testing and remediation, vulnerability management and compliance |
| Have trained teams ready to help recover quickly when it happens | Central command center and distributed on-site medical and repair teams; processes and regular trainings thereof | Security operation center and distributed system administrators; DevOps or suppliers for operational support; processes and regular trainings thereof |
| Make all people aware of how best to save their lives when it happens | Understandable training materials and regular awareness trainings | Understandable training materials and regular awareness trainings |



Project lead Jennifer Außendorf

Identifying tomorrow’s vulnerabilities today with Predictive Vulnerability Management: Together with international partners from across Europe, Greenbone’s cyber security experts are developing a novel cyber resilience platform that uses artificial intelligence and machine learning to detect vulnerabilities before they can be exploited, helping to prevent attacks.

Greenbone is strengthening its internal research in the field of “Predictive Vulnerability Management” and will additionally participate in publicly funded research and development projects in 2022. Currently, the security experts are working on a funding application for a European Union project. Until the first phase of the application submission is completed, Greenbone is involved within an international consortium and is working on a joint cyber resilience platform. The focus here is on preventing attacks in advance so that remedial action can be taken more quickly in an acute emergency. Methods for detecting anomalies by combining and analyzing a wide variety of sources from network monitoring and network analysis data will help to achieve this. The research area focuses on active defense against cyber attacks and includes penetration tests and their automation and improvement through machine learning.

In an interview, project manager Jennifer Außendorf explains what the term “Predictive Vulnerability Management” means.

Jennifer, what is cyber resilience all about? Predictive Vulnerability Management sounds so much like Minority Report, where the police unit “Precrime” hunted down criminals who would only commit crimes in the future.

Jennifer Außendorf: Predicting attacks is the only overlap, I think. The linchpin here is our Greenbone Cloud Service. It allows us to access very large amounts of data. We analyze it to enable prediction and remediation, providing both warnings for imminent threats and effective measures to address the vulnerabilities.

For example, we can also identify future threats earlier because we are constantly improving Predictive Vulnerability Management with machine learning. In the area of “Remediation”, we create a “reasoned action” capability for users: they are often overwhelmed by the number of vulnerabilities and find it difficult to assess which threats are acute and urgent based purely on CVSS scores.

One solution would be to provide a short list of the most critical current vulnerabilities – based on the results of artificial intelligence. This should consider even more influencing variables than the CVSS value, which tends to assess the technical severity. Such a solution should be user-friendly and accessible on a platform – of course strictly anonymized and GDPR-compliant.

Why is Greenbone going public with this now?

Jennifer Außendorf: On the one hand, this is an incredibly exciting topic for research, for which we provide the appropriate real-life data. The large amounts of data generated by the scans can be used in a variety of ways to protect customers. Figuring out what is possible with the data and how we can use that to add value for users and customers is a big challenge.

On the other hand, Greenbone wants to use the project to strengthen cyber security in the EU. For one thing, this is a hot topic right now: customers often end up with American companies when looking for cyber defenses, which usually doesn’t sit well with the GDPR. Greenbone has decided to launch a project consortium and will seek project funding in parallel.

Who will or should participate in the consortium?

Jennifer Außendorf: The consortium will consist of a handful of companies as the core of the group and will be complemented by research partners, technical partners for development and a user group of other partners and testers.

Because the project will take place at EU level, it is important for us to involve as many different member states as possible. We hope that the different backgrounds of the partners will generate creative ideas and approaches to solutions, from which the project can only benefit. This applies equally to the phase of building up the consortium.

Are there other players in the field of Predictive Vulnerability Management so far or has no one tried this yet?

Jennifer Außendorf: At the moment, we don’t see any competitors – Greenbone also deliberately wants to be an innovation driver here. Yes, the buzzwords “thought leadership”, “cloud repurpose” and “cyber resilience” are certainly floating around, but there is one thing that only we (and our customers) have: the anonymized data, which is essential for the research results, and above all the large amount of data that makes it possible to apply machine learning and other methods in connection with artificial intelligence in the first place – only we have that.

What is the current status there, what is on the roadmap?

Jennifer Außendorf: We are currently in the process of specifying the individual topics in more detail with the first research partners. They have many years of experience in cyber security and machine learning and provide very valuable input. We are also currently working on expanding the consortium and recruiting additional partners. Work on the actual application should start soon.

Our goal is to incorporate the results of the project directly into our products and thus make them available to our customers and users. Ultimately, they should benefit from the results and thus increase cyber resilience in their companies. That is the ultimate goal.
