
Case study: FINTECH

Romanian Fintech Startup Preparing for DORA

A Romania-based payment platform approached us with the goal of preparing for compliance with DORA (the Digital Operational Resilience Act). Meeting DORA requirements was critical to their business growth, especially for building credibility with banking partners and for being ready for future regulatory audits.

Challenge

While the client initially focused on regulatory compliance, it quickly became clear that their infrastructure faced broader cybersecurity and operational resilience challenges. Without immediate improvements, they were exposed to risks such as service disruption, financial fraud, data compromise, and non-compliance penalties.

Methodologies we use

OWASP, OSSTMM, NIST, PTES
Our Approach
We implemented a holistic security model that engaged our full range of expertise across three specialized teams: GRC, Red Team, and Blue Team. These teams collaborated seamlessly to cover all aspects of cybersecurity — from compliance to offensive security and proactive threat monitoring.
Red Team
  • Conducted penetration testing, which uncovered a critical API vulnerability that could have allowed manipulation of transactions and potential theft of customer funds.
  • Supported the client in fixing the issue within days, closing a high-risk gap before it could be exploited.

Blue Team
  • Detected a real security incident within the first month: suspicious external IP activity attempting brute-force attacks against the admin panel.
  • Implemented immediate incident response procedures and established proactive monitoring with event correlation to prevent similar threats.

GRC Team
  • Developed security policies and operational resilience procedures in line with DORA requirements.
  • Helped the client collect and structure compliance evidence across risk management, ICT governance, and incident reporting.
  • Formalized undocumented business processes, ensuring they were aligned with supervisory expectations and audit readiness.

Results

  • The client moved forward with DORA compliance readiness, building the required governance, risk management, and ICT security framework.
  • Eliminated critical vulnerabilities that could have led to significant financial and reputational losses.
  • Established continuous monitoring and reporting capabilities, meeting resilience expectations.
  • Built trust with banking partners and positioned themselves strongly for market expansion in the EU financial ecosystem.

Key Takeaway

The startup’s success was driven by a comprehensive security and resilience approach. Our Red, Blue, and GRC Teams worked seamlessly as one — combining compliance expertise, offensive testing, and defensive monitoring. This unified model not only prepared the client for DORA compliance but also delivered end-to-end cybersecurity and operational resilience from day one.

Are you interested in learning more about this case or do you have similar security needs?

Our team of experts at ESKA delivered a complex cybersecurity project for a fintech startup by uniting the strengths of our Red, Blue, and GRC teams.

Partner with ESKA today to build a holistic cybersecurity strategy that empowers your business to stay compliant, resilient, and ready for the future.
