Grant Thornton's Approach to Threat Led Penetration Testing (TLPT)

The Digital Operational Resilience Act (DORA) represents a significant step in strengthening the digital resilience of the financial sector within the European Union. This regulatory framework aims to ensure that all entities in the financial system have the necessary safeguards to mitigate cyber threats and operational disruptions. DORA establishes stringent requirements for digital risk management, mandating rigorous testing and assessment protocols to identify vulnerabilities in digital infrastructures.

The Importance of Threat Led Penetration Testing (TLPT) under DORA

  • At the core of DORA's requirements is the implementation of Threat Led Penetration Testing (TLPT). TLPT differs from traditional penetration testing by being intelligence-driven and focusing on simulating realistic cyber-attack scenarios. This approach is crucial for financial institutions to not only comply with DORA but also to proactively identify and address potential security breaches in their digital operations.
  • Threat led penetration testing, or TLPT, is a specialized form of red team assessment informed by threat intelligence. Red teaming capabilities have been present in the local market for many years, yet only a select few companies engage in this sophisticated security testing. The generation of tailored threat intelligence, by contrast, is a relatively newer element in the cybersecurity domain, especially within Cyprus's cybersecurity industry. The distinct advantage of TLPT lies in its ability to offer more realistic and beneficial security testing, surpassing the limitations of traditional penetration tests and vulnerability assessments.
  • Grant Thornton is equipped to deliver TLPT services by integrating both local and international expertise. This method allows for the synergy of the skills and local insights of Cyprus-based testers with the vast experience of testers and analysts who have conducted complex TLPT projects in major financial institutions, adhering to standards like TIBER-EU and CBEST.

The Grant Thornton Advantage

With the implementation of DORA, financial institutions face the dual challenge of complying with regulatory requirements and fortifying their digital operations against sophisticated cyber threats. Grant Thornton's expertise in Threat Led Penetration Testing positions us uniquely to assist businesses in navigating these challenges. Our comprehensive approach to TLPT, combined with our deep understanding of DORA, enables us to offer unparalleled support to businesses in strengthening their digital resilience and ensuring compliance with regulatory standards. By partnering with Grant Thornton, businesses can confidently face the digital future, secure in the knowledge that their infrastructure is resilient, compliant, and prepared to withstand the evolving landscape of cyber threats.
