What does it mean to be secure in your sector? While every organization has its own cyber security policies, numerous pieces of legislation also set out minimum requirements for security that firms must reach or else be held accountable through fines.
The EU’s Digital Operational Resilience Act – which came into force in 2023 and applies from 17 January 2025 – aims to do just this for financial entities within the region.
But what does being DORA-ready mean in practice? And how will the legislation add to the responsibilities of IT professionals?
In this episode, Jane and Rory speak to John Stevenson, Technical Director at Skybox, to better understand the EU’s Digital Operational Resilience Act and what it means for businesses.
Highlights
“So obviously many organizations, not least in the financial sector, will have, you know, red teaming and penetration testing activities and exercises that they do, however, to augment that, being able to model the environment is actually a pretty important thing when it comes to enhancing your cyber resilience.”
RELATED WHITEPAPER
“The worry is, of course, that if there's a compromise somewhere, then it can spread across the domains if you will. Therefore, what DORA essentially says is you have to know what your connections are to third parties. And you have to know the precise nature of those connections, obviously, with the view to being able to isolate them if you need to.
“This is a much more systematic approach. This says you need to be continuously managing your exposure. It says you need to take a risk-based approach, and that means you need to look at your organizational risk and how you're going to what tools and methodologies you're going to use to deal with that because they're not going to be the same across every bit of every organization.”
Footnotes
- What is the EU’s Digital Operational Resilience Act (DORA)?
- DORA and why resilience (once again) matters to the board
- ‘Borderline irresponsible’ attitude to third party risks must change, says expert
- Supply chain attacks are still plaguing enterprises – here's why
Subscribe
- Subscribe to The IT Pro Podcast on Apple Podcasts
- Subscribe to The IT Pro Podcast on Spotify
- Subscribe to the IT Pro newsletter
- Join us on LinkedIn
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Four-day weeks and Nadella's AGI skepticismITPro Podcast As the Microsoft chief casts doubt on ultra-advanced AI systems, a famous security blogger has fallen victim to a classic attack
-
Creating space for women in techITPro Podcast Tech's huge gender divide can only be tackled with more welcoming, proactive sectoral efforts
-
What is the EU's AI plan?ITPro Podcast As the EU moves to enable AI innovation, it could end up striking the perfect balance between regulation and public support – especially as US AI laws become more complex
-
The trends we’re watching in 2025AI for security and sovereign cloud could be top driving forces in the coming year
-
The 2024 that didn't happenThese are the megatrends of the year that failed to materialise
-
Can the four-day week work for tech?ITPro Podcast As the four-day week gives Icelandic workers a boost, we also look at whether AI coding is up to scratch – and if OpenAI can keep its funding momentum
-
How to sell cyber security without the FUDITPro Podcast A trusted network of cybersecurity marketing professionals can help professionals cut through at the board level
-
Why Open Banking from a bank?Special Edition Harnessing the best of open banking allows enterprises to track spending in near real-time
