Science & Technology
Financial Service Providers Need to Catch Up on TLPT
Keith Poyser on DORA: “A penetration test every three years is ineffective, irrelevant and immediately out of date. Monthly, or weekly testing is far more effective.”
London, 30 April 2025 – Since the implementation of the Digital Operational Resilience Act (DORA) on January 17th this year, financial institutions in the EU are required to conduct regular Threat-Led Penetration Testing (TLPT). This involves using real-world cyber-attack techniques to assess IT infrastructures and identify exploitable attack vectors before they are discovered by threat actors. “While this is a positive step, the mandated three-year testing cycle is far too long given the fast-paced nature of cybercrime,” said security expert Keith Poyser, Vice President for EMEA at cybersecurity company Horizon3.ai. The company operates the autonomous pentesting platform NodeZero®, where financial service providers can conduct penetration tests on their IT infrastructure, cloud and Kubernetes environments as often as they like to identify potential security gaps. Poyser points to findings from Horizon3.ai’s “Cyber Security Report UK 2024/25”, according to which 70 percent of organisations questioned have fallen victim to a cyberattack at least once in the past two years.
“Given the increasing frequency of cyberattacks, it is unacceptable for a financial services provider to assess just once every three years whether their IT infrastructure is capable of withstanding an attack or if it will fail,” explained Poyser. He further added: “With cybercriminals becoming ever more aggressive, an exploit focused, impact prioritised, high frequency, modern testing regime, with fix actions and re-tests, has to be a key part of any sensible strategy for financial services institutions.”
“Like Finding a Needle in a Haystack”
According to the industry veteran, the biggest challenge is identifying which of the vast number of potential IT weaknesses or vulnerability “noise” are real world exploitable within an organisation, and prioritising these for quick remediation. “The list of potential entry points is long, ranging from outdated software somewhere in the system, weak or reused passwords, or excessively broad access rights for individual employees, to threats arising from the software supply chain,” explained Poyser, illustrating the scale of the task. He continued: “In this typically heterogeneous and complex IT landscape, finding a security gap is like searching for the proverbial needle in a haystack. Threat actors manage to do it, which is why financial service providers need to use the same methods as cybercriminals to stay one step ahead. And that’s exactly what penetration tests are: searching for needles in your own IT haystack before attackers can find them.”
Extensive Compliance Requirements
“It’s not just about technical protection; compliance is equally important,” emphasised cybersecurity expert Keith Poyser. He highlights the extensive obligations for financial service providers under the Digital Operational Resilience Act: ICT risk management, digital operational resilience testing, which includes TLPT, ICT incident reporting, business continuity and emergency management planning, management of ICT third-party risks, and information sharing between entities to collectively enhance resilience.
In relation to all these obligations, financial service providers are subject to increased oversight by national and European authorities, including inspections and audits. “In the event of a serious security incident, the question of how thoroughly the requirements have been implemented at each institution will come to the forefront,” Poyser is certain.
“A successful self-attack on one’s own IT infrastructure, which is exactly what a penetration test is, provides the best proof of resilience. For this compliance consideration alone, a penetration test is recommended on a monthly, if not weekly, basis.”
CTEM and ASM are Key
Cybersecurity leader Poyser strongly recommends extending the Threat-Led Penetration Testing (TLPT) required by DORA to Continuous Threat Exposure Management (CTEM). This new approach not only continuously monitors the risk but also makes it visible at both the IT level and management level.
A crucial element in this process is Attack Surface Management (ASM), which involves monitoring the portion of the IT infrastructure that is connected to the internet and, therefore, vulnerable to external attacks. “In the era of online banking and smartphone apps, continuous ASM is essential for financial service providers,” explained Poyser. By integrating the autonomous penetration testing platform NodeZero into their CTEM and ASM strategies, institutions can direct their security efforts towards addressing the actual vulnerabilities that are proven to be exploitable, identified during testing.
Instead of searching through long lists of often low-relevance vulnerabilities, Poyser recommends focusing on targeted repairs at critical points. This approach can significantly reduce the so-called Mean Time to Remediation (MTTR), which is the time between discovering a vulnerability and fixing it. In normal practice, this time frame typically ranges from one to three months due to a lack of sufficient staff to fix “all errors at once.” However, with NodeZero tests, exploitable weaknesses are prioritised based on their risk to the specific organisation, enabling the IT team to address the most critical entry points for hackers first, and only then tackle the “smaller gaps.” The tool then shows how to fix the issue and re-runs a specific retest to ensure that the attack is no longer possible.
“DORA is an important step in the right direction,” said Poyser, “but only with significantly shortened pentesting intervals can cybersecurity in the financial sector be made appropriate to the level of criminal energy in the hacker community. And only through an autonomous pentesting platform like NodeZero can this increased frequency be achieved at manageable costs and with a reasonable amount of personnel effort.”
For more in-depth insights on DORA and its impact on legal firms and their requirements for demonstrating resilience, read our detailed whitepaper here.
Download your complimentary copy of the 2025 Gartner® Market Guide for Adversarial Exposure Validation here.
About Horizon3.ai and NodeZero: Horizon3.ai provides a cloud-based platform, NodeZero, enabling organisations and public authorities to simulate self-attacks on their IT infrastructure to assess their cyber resilience through penetration testing (pentesting). Thanks to its cloud model, the platform offers affordable, regular pentesting, making it accessible to mid-sized companies. Horizon3.ai continuously monitors the cybercrime landscape to ensure that newly discovered vulnerabilities are swiftly integrated into the cloud system. NodeZero not only identifies security flaws but also offers tailored recommendations for remediation. Through this platform, Horizon3.ai helps organisations meet rising regulatory demands for cyber resilience in Governance, Risk & Compliance (GRC), with guidelines recommending an internal self-attack at least once a week.
Trademark notice: NodeZero is a trademark of Horizon3.ai
Further information: Horizon3.AI Europe GmbH, Sebastian-Kneipp-Str. 41, 60439 Frankfurt am Main, Web: www.horizon3.ai
PR Agency: euromarcom public relations GmbH, Tel. +49 611 973150, Web: www.euromarcom.de, E-Mail: [email protected]
Science & Technology
Quantum Computing Breakthroughs: Disrupting Industries with Oxford’s Innovations
A recent breakthrough in quantum computing at the University of Oxford promises to disrupt multiple industries by significantly enhancing computational capabilities. Explore the technological implications and potential disruptions poised to redefine sectors.
In May 2026, the University of Oxford announced a significant breakthrough in the field of quantum computing, unveiling an advanced error correction algorithm that has the potential to transform computational capabilities. This development is not just a scientific triumph; it heralds a new era of technological disruption across multiple industries. Quantum computing, long anticipated as the next frontier in technology, promises to solve complex problems beyond the reach of classical computers, and Oxford’s latest advancement brings this closer to reality.
At the core of this breakthrough is the enhancement in quantum error correction, a critical component that addresses the inherent instability of qubits, which are the fundamental units of quantum information. Traditional computers use bits of 0s and 1s, but quantum computers operate on qubits, which can exist in multiple states simultaneously. This superposition allows quantum computers to process information exponentially faster than classical computers. However, qubits are notoriously prone to errors due to environmental noise and operational inaccuracies. Oxford’s new algorithm significantly improves the error correction process, maintaining qubit stability longer and allowing extended computational tasks to be performed accurately.
The implications of this are profound. Industries ranging from pharmaceuticals to finance stand on the cusp of disruption as quantum computing offers the ability to model complex molecular structures, optimize large-scale financial portfolios, and even revolutionize artificial intelligence algorithms. In pharmaceuticals, for example, quantum computing can expedite drug discovery by accurately simulating molecular interactions, potentially reducing the time and cost associated with bringing new drugs to market. Similarly, in finance, quantum algorithms can optimize trading strategies and risk management with a precision unattainable by current technologies.
Moreover, the ripple effects of such a leap in computational power extend to data encryption and cybersecurity. Quantum computers possess the potential to decrypt classical encryption methods, prompting a race for quantum-resistant cryptography. This necessitates a paradigm shift in how we secure digital information, affecting every sector that relies on data security.
Despite the tremendous promise, the transition to quantum computing is not without its challenges. The infrastructure required to support quantum technologies is expensive and complex. There is also a significant skills gap; experts in quantum computing are scarce, and training a new generation of scientists and engineers is imperative. Furthermore, ethical considerations regarding the power of quantum computing must be addressed, particularly in terms of privacy and security.
Looking forward, as quantum computing continues to evolve, industries will need to adapt swiftly to harness its capabilities. Early adopters who invest in quantum technologies and develop quantum-ready strategies will likely dominate in the coming decade. As Oxford’s breakthrough demonstrates, the race is on to fully realize the potential of quantum computing and redefine the boundaries of what is technologically possible.
Science & Technology
Apple’s AI Innovations: Shaping the Competitive Landscape in 2026
Apple’s latest advancements in artificial intelligence are setting the stage for a competitive showdown with other tech giants. This article explores how Apple’s AI strategy is positioning the company in the fast-evolving tech landscape.
In the bustling realm of technology, few companies command as much attention as Apple. In 2026, the Silicon Valley titan has once again captured the tech world’s gaze with its latest advances in artificial intelligence. As Apple unveils a suite of AI-driven innovations, the competitive landscape is poised for a seismic shift.
Apple’s strategic focus on AI is not merely about introducing new features but is a calculated move to redefine user experiences while maintaining its staunch advocacy for privacy. At the heart of Apple’s AI initiatives is the promise of personalization—an AI that learns and adapts to the user’s preferences, offering seamless interaction across its range of devices. This focus is especially pertinent in an era where user data is a hot commodity, and privacy concerns are at an all-time high.
What sets Apple apart in the AI race is its dual emphasis on innovation and privacy. While competitors like Google and Amazon have long been heralded for their AI prowess, often prioritizing expansive data collection to fuel their AI engines, Apple has carved out a niche by leveraging on-device processing. This approach not only mitigates privacy risks but also enhances real-time responsiveness, a crucial factor in user satisfaction.
The competitive implications of Apple’s AI advancements are profound. Google’s AI, renowned for its search and recommendation algorithms, faces a formidable challenger in Apple’s ecosystem-centric approach. Meanwhile, Amazon’s Alexa, which dominates the smart assistant market, must contend with Apple’s Siri, now equipped with enhanced contextual understanding and predictive capabilities.
Microsoft, another major player, has been making strides with its integration of AI in cloud services and productivity tools. However, Apple’s holistic approach—integrating AI across hardware, software, and services—presents a cohesive strategy that is difficult to replicate. This integration not only ensures a seamless user experience but also reinforces brand loyalty, a cornerstone of Apple’s business model.
As AI continues to evolve, the stakes in the tech industry are higher than ever. Apple’s innovations are not just about keeping pace but are strategically designed to place the company at the forefront of the AI revolution. In doing so, Apple is not only safeguarding its market position but is also setting new benchmarks in how technology can enhance and secure our digital lives.
The road ahead will undoubtedly see further advancements and competition, but Apple’s current trajectory suggests it is well-positioned to lead in the AI domain. By prioritizing user-centric design and privacy, Apple is not just participating in the AI race; it is setting the pace.
Science & Technology
AI Fitness Instructors and Unreal Gains: Revolutionizing the Fitness Industry
The rise of AI-driven fitness programs is transforming the fitness industry. Explore the technology, its impact on traditional fitness models, and how it is reshaping consumer expectations.
Artificial intelligence is making its mark across various sectors, and the fitness industry is no exception. With the advent of AI-driven fitness instructors, there is a seismic shift underway in how fitness is perceived and pursued. This article delves into the rise of AI in fitness, examining the technology behind it, its effects on traditional fitness models, and the shifting expectations of consumers.
In recent years, AI fitness instructors have become increasingly popular, offering personalized workout programs, real-time feedback, and virtual coaching. These AI systems utilize advanced algorithms to tailor fitness routines that adapt to an individual’s progress and preferences, making fitness more accessible and engaging than ever before.
At the core of AI fitness instructors is sophisticated machine learning technology. These systems collect data from various sources, such as wearable devices and user inputs, to create personalized fitness plans. AI analyzes this data to optimize workouts, ensuring they are challenging yet achievable, and provides insights that were previously accessible only through one-on-one sessions with human trainers.
The integration of AI into fitness is transforming traditional models. Gyms and fitness centers are incorporating AI technologies to enhance their offerings, while some consumers opt for entirely virtual experiences. This shift is challenging the status quo, pushing traditional trainers to adapt by integrating technology into their own practices to remain competitive.
As AI fitness programs become more prevalent, consumer expectations are evolving. Users now demand more personalized and flexible fitness solutions that fit into their busy lifestyles. AI provides this adaptability, offering users the ability to engage in workouts anytime, anywhere, without compromising on quality or effectiveness.
Looking ahead, the role of AI in fitness is set to expand. As technology continues to advance, we can expect even more innovative solutions that enhance user experience and outcomes. AI-driven gamification elements, for example, are already being explored to increase engagement and motivation.
The rise of AI fitness instructors represents a significant evolution in the fitness industry. By offering personalized, accessible, and innovative solutions, AI is not only transforming how people engage with fitness but also challenging traditional models and expectations. As this technology continues to develop, the potential for further disruption and improvement in the fitness sector is immense.
