The Digital Operational Resilience Act (DORA) is a piece of legislation set to be introduced later this year. Ultimately, it’s a comprehensive rulebook outlining what financial services organizations and third-party software providers must do to become digitally resilient to cyber threats. While DORA primarily affects businesses in the European Union’s financial services sector, it will also apply to any financial organization outside the EU needing access to this market. So, DORA applies to businesses all over the globe.
To comply with DORA, businesses must make provisions in all areas; from educating board members, to conducting staff training, and reviewing insurance.
But a key area that shouldn’t be overlooked is email and domain security, or rather how businesses look to mitigate threats relating to this.
In this blog, we explore three ways DORA relates to email and domain security, and what businesses can do to strengthen resilience in this area.
1. Email is the global medium for business communication and resilience is crucial
Email is the number one medium for business communication worldwide, with over 333 billion emails sent every day in 2022. So it’s no surprise that attackers target organizations through this sensitive threat vector. Business Email Compromise (BEC) attacks such as Vendor Fraud and CEO Fraud threaten business continuity and operational resilience daily. Often what makes these successful is ‘domain spoofing.’ This is when a cybercriminal impersonates a business’ domain to send phishing emails to its customers, employees, and supply chain. The fake emails are hard for the recipient to spot because they come from a legitimate email address.
In preparing for DORA, businesses now need to consider how they’ll strengthen their email and domain defenses for effective risk management and mitigation. Implementing DMARC (Domain-Based Message Authentication, Reporting, and Conformance) is the crucial first step that every organization should take to secure its domain and brand from impersonation.
2. Business Email Compromise (BEC) is a reasonably identifiable circumstance
The Digital Operational Resilience Act expects affected organizations to recognize and mitigate any reasonably identifiable circumstances that could lead to an event that could compromise the digital operational security of the firm. But what is a reasonably identifiable circumstance?
Any common vulnerability, exposure, or well-known cyber threat could give rise to a reasonably identifiable circumstance. Something is a reasonably identifiable circumstance if the source it’s coming from is a trusted, independent expert that puts you on express notice that a common vulnerability, exposure, or significant cyber threat poses a risk to your business.
Financial organizations should look to credible agencies for guidance on reasonably identifiable circumstances. These include the National Cyber Security Centre (NCSC), Federal Bureau of Investigations (FBI), Global Cyber Alliance (GCA), and National Institute of Standards and Technology (NIST) to name just a few.
The FBI has been warning of Business Email Compromise in its IC3 Internet Crime Report since 2015. So, affected financial organizations and third-party software providers should accept that BEC attacks are a reasonably identifiable circumstance that they need to be protected against.
Then, they should look to mitigate these types of attacks as part of their wider preparation for DORA. Just some of the ways organizations can look to mitigate BEC and related disruption include:
- Implement DMARC at p=reject
- Ensure inbound security with Email Threat Detection
- Implement security awareness training
- Use spoof domain recognition to stop attacks before they happen
3. DORA instructs firms to be able to detect anomalies
In a landscape with ever-expanding cyber threats and sophisticated attacks, being able to get ahead of the game and stop zero-day attacks is becoming an increasing priority for businesses. DORA in fact states that ‘financial entities shall have in place mechanisms to promptly detect anomalous activities’. This instruction could be applied to multiple areas within an organization, and domain security is definitely one of them.
Detection of anomalous activities is integral to the Red Sift platform. Our newest product OnDOMAIN provides organizations with comprehensive insight into their domain perimeter, plus a reliable phishing takedown service.
OnDOMAIN monitors 150 million newly registered domains and subdomains every day. This means that organizations can quickly take down phishing and impersonation sites and even discover and secure legitimate domains that have been forgotten about. It also means they can detect illegitimate use of logos to defend their business’ brand against abuse and reputational damage.
Our other products also include anomaly detection as a key capability. OnDMARC detects and surfaces information to its users in a variety of ways. For example, it detects misconfigured or missing email protocols, declining reputational scores, uncovers shadow IT, and more.
OnINBOX uncovers any malicious attacks in inbound emails by using easy-to-understand traffic light indicators. It also provides insight into an organization’s complete network of connections in one dashboard, so security teams can easily spot potential phishing emails and remediate them.
Book your Red Sift platform demo today
Red Sift is the only provider of an Integrated Email Security and Brand Protection Platform. This is made up of our gold-standard products which work together to protect your organization’s outbound and inbound email communications, as well as your domain perimeter.
While we can’t provide you with every provision in preparation for DORA, our platform can help you mitigate reasonably identifiable circumstances as they relate to email and domain security. So why not book your free Red Sift Platform Demo today?