Red Sift Blog

7 things you need to know about the Digital Operational Resilience Act 

by Red Sift
July 4, 2022 (updated March 9, 2023). Filed under:
  • DORA

The Digital Operational Resilience Act (DORA) is set to transform how the finance sector in the EU – and any business that wants access to it – protects against cyber threats such as cyberattacks, ransomware infections, data breaches, and more. The legislation, proposed by the European Commission, expects firms to mitigate any reasonably identifiable circumstance that could lead to an event compromising the digital operational security of the firm. Here are 7 things you need to know about the Digital Operational Resilience Act. 

1. DORA will impact financial firms and other businesses all over the world

DORA’s impact won’t be contained to financial institutions in the EU. The comprehensive legislation will have wide-reaching global significance for two main reasons. First, it applies to any financial institution, and to any third-party ICT or software provider serving one, that needs access to the EU market, so firms headquartered in the USA, the UK, Australia, and elsewhere are in scope. 

The second is that it sets a benchmark for organizations of all sizes in all sectors globally to look to improve their digital operational resilience and business continuity planning. Ultimately, any organization concerned by cyber threats should use DORA as a guidebook to improve its digital resilience. 

2. DORA could be enforced sooner than you think 

DORA is expected to be fully enforced by 2024, but affected firms should not wait until then to get ready. The legislation is due to be formally adopted as early as autumn this year (2022), so it is vital for every impacted business to start preparing now. 

3. DORA will reduce business disruption and protect business continuity

The Digital Operational Resilience Act will reduce business disruption in a number of ways. It will mean businesses are properly equipped to mitigate any reasonably identifiable circumstance that could lead to an event compromising the digital operational security of the firm (for example, a cyberattack). Ransomware and DDoS attacks are known to significantly disrupt business continuity, and the measures DORA requires are aimed at reducing both their likelihood and their impact, and at safeguarding sensitive data. 

DORA will also reduce business disruption and improve business continuity by requiring smoother exit strategies. Unscrupulous ICT vendors will no longer be able to leave old, ‘not fit for purpose’ kit with financial organizations once their contracts are up, because DORA requires documented exit strategies to be in place before the contract ends. 

4. Board members that don’t comply with DORA could face jail 

DORA puts the ‘final responsibility’ for ensuring that measures, policies, tools, and protocols to mitigate cyber threats are in place on a business’s management body (i.e. its board and directors). If they fail to do this, they could face reputational damage, shareholder litigation, regulatory fines, and even criminal sanctions.

5. To comply with DORA, businesses need to protect against threats relating to email and domain security

According to Cisco, 90% of cyberattacks happen because of weak email security. So, strengthening email and domain protection will be a key consideration for financial entities preparing for DORA. Targeted phishing attacks such as Business Email Compromise (BEC) are extremely common forms of attack, often made successful by ‘domain spoofing’: forging the organization’s own domain in the From: address. The FBI has been warning of Business Email Compromise in its IC3 Internet Crime Report since 2015. So, financial entities can consider BEC a reasonably identifiable circumstance and in turn should implement DMARC (among other measures) to mitigate it. 

DMARC configured at p=reject is a fundamental protection against this. DMARC protects an organization against phishing and BEC by letting receiving mail servers reject messages that forge its exact domain in the From: address, so an attacker cannot impersonate the domain (and brand) to send phishing emails and compromise sensitive data, money, systems, etc. Two caveats a practitioner should keep in mind: the policy only bites at receivers that enforce DMARC, and it does nothing against lookalike domains, which need separate monitoring. DMARC is recommended by the National Institute of Standards and Technology (NIST), whose standards DORA in turn recognizes.
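As an added illustration (this is example code written for this post, not a Red Sift tool and not part of the DORA text), the script below parses DMARC records and grades how much protection they really give. It goes a little beyond the paragraph above: a record can say p=reject and still leave gaps through the pct sampling tag, through a weaker sp subdomain policy, or through a syntax error that makes receivers ignore the record entirely. All domain names and records are constructed for the example; a real check would fetch the TXT record at _dmarc.<domain> instead of reading them from a table.

```python
"""Grade the enforcement strength of DMARC records.

Added example, not Red Sift's or DORA's text. Shows that "DMARC at p=reject"
is only a complete protection when the subdomain policy (sp) and the
sampling rate (pct) do not quietly weaken it, and when the record parses.
All domain names and records below are constructed for illustration.
"""

VALID_POLICIES = ("none", "quarantine", "reject")
LEVEL = {"none": 0, "quarantine": 1, "reject": 2}

# Constructed sample records keyed by hypothetical domain names.
SAMPLE_RECORDS = {
    "bank.example": "v=DMARC1; p=reject; rua=mailto:dmarc@bank.example",
    # Only 10% of failing mail is rejected; the remainder is quarantined.
    "payments.example": "v=DMARC1; p=reject; pct=10; rua=mailto:dmarc@payments.example",
    # Subdomains (e.g. hr.corp.example) can still be spoofed freely.
    "corp.example": "v=DMARC1; p=quarantine; sp=none; rua=mailto:dmarc@corp.example",
    # Monitoring only: aggregate reports arrive, nothing is blocked.
    "legacy.example": "v=DMARC1; p=none; rua=mailto:dmarc@legacy.example",
    # Missing ';' after the version tag, so the record is not valid DMARC.
    "broken.example": "v=DMARC1 p=reject",
    # No record published at all.
    "none.example": "",
}


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into lowercase tag -> value pairs.

    Returns {} when the record does not carry a valid 'v=DMARC1' tag, which
    is how a receiver treats it: as if no policy were published.
    """
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    return tags


def effective_policy(record: str) -> dict:
    """Work out what receivers will actually do with mail that fails DMARC."""
    tags = parse_dmarc(record)
    p = tags.get("p", "").lower()
    if p not in VALID_POLICIES:
        return {"p": None, "sp": None, "pct": 0, "verdict": "no-policy"}
    # sp defaults to p; an unrecognised sp value also falls back to p.
    sp = tags.get("sp", p).lower()
    if sp not in VALID_POLICIES:
        sp = p
    # pct defaults to 100; a non-numeric value is treated as the default.
    try:
        pct = max(0, min(100, int(tags.get("pct", "100"))))
    except ValueError:
        pct = 100
    if p == "none":
        verdict = "monitor-only"
    elif LEVEL[sp] < LEVEL[p]:
        verdict = "subdomain-gap"
    elif pct < 100:
        verdict = "partial-rollout"
    elif p == "quarantine":
        verdict = "quarantine-only"
    else:
        verdict = "enforced"
    return {"p": p, "sp": sp, "pct": pct, "verdict": verdict}


def audit(records: dict) -> dict:
    """Map each domain to its verdict; only 'enforced' blocks exact-domain spoofing fully."""
    return {domain: effective_policy(rec)["verdict"] for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, result in audit(SAMPLE_RECORDS).items():
        print(f"{domain:20s} {result}")
```

Only bank.example comes out as "enforced"; the others show the states that an audit aimed at DORA’s "reasonably identifiable circumstances" should flag, and the broken record is a reminder that a policy which does not parse protects nothing.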

6. DORA will mean businesses and supply chains are better protected 

DORA means that financial firms will only be able to contract with third-party ICT vendors that offer ‘high, appropriate, and the latest information security standards.’ This in turn makes supply chains more robust, because every link in the chain has to put the right measures in place. 

7. DORA will help businesses make better decisions, faster 

DORA sets out clear requirements for risk management, data security, risk mitigation, and related controls, giving financial institutions a common baseline against which to make decisions. Its comprehensive but straightforward structure also supports faster decision-making. 

Download the whitepaper to find out more about DORA

DORA is a lengthy piece of legislation, and without a law degree, it’s hard to dissect. Luckily, we’ve written an all-in-one whitepaper covering everything from what this new legislation means, to who’s impacted, and how organizations can begin to prepare. Download your free copy below, and start getting ready for DORA today! 



Tagged:
  • BEC
  • digital operational resilience
  • Digital Operational Resilience Act
  • DMARC
  • DORA
  • Email
  • operational resilience


Copyright © 2023 · Red Sift