It's no surprise to me that financial services organisations missed the 17 January 2025 deadline to be in compliance with the European Union's Digital Operational Resilience Act (DORA). I personally have not met a CIO or CISO who thought this deadline was realistic.

Even back in January, research from Orange Cyberdefense saw 43% of respondents in the industry admit they would not be compliant by the deadline. In March, Clear Junction revealed 86% of financial services organisations were not fully compliant and, more worryingly, Skillcast's DORA readiness report showed huge variation in the resilience of these institutions' IT infrastructures. The banking and lending subsector stood out as the least prepared for compliance, while the financial transaction processing subsector was the most vulnerable to cyber threats.

Given we have known this deadline was coming, why such inconsistency when it comes to readiness?

The reality is that cyber security strategies are always dealing with moving targets. Today, your organisation could feel secure and in compliance with DORA, but tomorrow the vulnerability landscape could change. New threats are introduced all the time. For example, you could implement a new supplier technology which would create new vulnerabilities in the supply chain, or the regulations could change. In the UK, we are still expecting the Cyber Security and Resilience Bill at some point this year. The government has announced its proposals, but it is still to be confirmed when it will come into effect.

View DORA as an opportunity

The reality is that many companies are still unsure what measures they need to take to ensure DORA compliance, and it requires a significant amount of vigilance across their IT exposure.

One area commonly overlooked or discounted is the Java environment. Given Java comprises 51% of the software code in the financial sector, companies should make sure to give their Java applications the appropriate consideration, as this is where many compliance and security issues lie dormant. Azul's 2025 State of Java Survey & Report revealed that 41% of respondents encounter critical production security issues within their Java ecosystems on a weekly or daily basis. Meanwhile, three years after the Log4j incident, 49% are still experiencing security weaknesses in production from the remote code execution (RCE) vulnerability.

Financial institutions must ensure their Java footprint, and that of their third-party providers or services, complies with DORA regulations. As a result, investment in detection tools and post-breach response preparedness can help significantly reduce breach costs for financial firms and their customers. Together, they will have to take an inventory of the risk associated with their applications to ensure compliance and security.

That risk can be amplified if organisations use unsupported versions of Java (and the underlying open source project for the Java programming language, called Open Java Development Kit, or OpenJDK for short), particularly as it exposes you to non-compliance with regulations like DORA.

To guarantee compliance, players in the financial services industry must address these five pillars:

Guarantee ICT risk management: Unsupported OpenJDK distributions can expose financial institutions to significant risks, such as unpatched security vulnerabilities and performance issues. It is necessary to have an OpenJDK distribution capable of providing security patches to ensure Java applications remain resilient and compliant with management requirements.

Report incidents quickly: Not all OpenJDK distributions provide security updates and critical patch updates (CPUs) at the same time, leading to unreported and unnoticed incidents that can lead to non-compliance. Industry players must equip themselves with tools capable of providing continuous monitoring for vulnerabilities and unused or dead code in production. This allows organisations to quickly and accurately detect, report and remediate vulnerabilities.

Carry out regular and rigorous penetration and security tests: Using outdated or vulnerable updates of Java may not accurately reflect production environments, leading to false security assumptions. It is therefore important to have up-to-date and tested Java distributions, including legacy versions like Java 6 and 7 and architectures like Windows x86 32-bit, enabling reliable and accurate testing environments for financial institutions.

Strengthen third-party risk management: The use of unsupported OpenJDK distributions by third parties increases the risk of security vulnerabilities and operational failures. It is necessary to ensure that third-party applications and services based on Java meet the highest security and performance standards, thereby reducing third-party risks.

Participate in sharing information on cyber threats: Using unsupported OpenJDK distributions may result in a lack of awareness about updates and security patches, relegating these applications and services to being a weak link in the information-sharing chain. Organisations must ensure they are aware of the latest vulnerabilities and can share the relevant threat intelligence with other entities to improve collective cyber security.

Cyber security is essential for stable and high-performance business operations today. By ensuring a secure Java distribution, promptly addressing vulnerabilities, and continuously monitoring their Java environment, companies can make a large part of their assets DORA compliant and strengthen their resilience against cyberattacks.

James Johnston is vice president of EMEA at Java specialist Azul. He is responsible for growing Prior to joining Azul, James has held a number of leadership positions with Cloudera, Fujitsu and HPE. James has an honours degree in business studies from uve.
