How to ensure your business is DORA compliant

04/06/24 Wavenet

Male IT Specialist Holds Laptop and Discusses Work with Female Server Technician.

Financial services organisations experienced three times the number of cyber security breaches in 2023 than in 2022.

2023 was also the year that a piece of legislation was enacted that aims to strengthen security in financial services organisations – DORA (the Digital Operational Resilience Act). DORA applies to the many UK-based financial services organisations that have operations in the EU. These organisations must be compliant by 2025 or face fines of up to 2% of their global revenue.

To be compliant, DORA requires organisations to implement measures across – risk-management, incident reporting, operational resilience testing and ICT third-party risk monitoring. In return, DORA will significantly reduce the risk of cyber security breaches and will increase business leaders’ understanding of security.

While the long-term benefits are clear, the journey to compliance – and experiencing those benefits – may seem long and complicated. But, with improved network visibility you’ll find it’s easier than you thought.

Eradicate blind spots

The regulation: organisations need to safeguard their supply chains and customers from increasing cyber attacks.

The solution: improve your network visibility to reveal blind spots and protect against attack.

The high volume of sensitive data the financial services sector holds makes it the ideal target for cyber attackers – receiving the second highest level of attacks worldwide in 2023.

To safeguard your customers from attack you need effective systems and processes in place to ensure you’re always one step ahead of bad actors. The simplest way to do this is to improve your network visibility so you have clear oversight over your entire network, including any blind spots.

With this detailed insight into data traffic and network activity, you can identify and mitigate potential security threats before they cause significant disruption. By taking a proactive approach to security, you’ll meet DORA’s requirements for robust risk management.

How we can help: Gigamon Precryption provides you with the operational resilience you need to meet DORA requirements. With comprehensive visibility across your organisation's entire network, Precryption eliminates blind spots by revealing concealed threat activity and anomalous data before it hits an encryption library and moves on to your network. In other words, it stops threats before they can get a foot in the door.

Test regularly

The regulation: Organisations should implement resiliency testing programs based on their risk assessments.

The solution: Conduct regular stress tests to identify weaknesses, vulnerabilities and failures.

The threat landscape is constantly evolving so it’s vital that you’re up to date with the latest risks and regularly test your ability to defend against them.

Financial services organisations have long been on high alert for ransomware attacks, but cyber extortion is expected to be more common in 2024 –there’s always a new threat lurking around the corner hoping to exploit a weakness.

But you can strengthen your defences by conducting regular risk assessments to identity vulnerabilities before bad actors discover them. With improved network visibility, your risk assessments will be more accurate, and you’ll be able to create stronger resiliency testing programs.

How we can help: GigaSMART enables real-time monitoring of network performance, traffic and data, giving you the enhanced visibility you need to identity any weaknesses or vulnerabilities in your system. Armed with these insights, your resiliency testing programs will secure any gaps in your defences.

Report incidents

The regulation: The reporting of breaches needs to be faster to ensure quicker response and reduced impact.

The solution: Implement centralised management tools to increase incident response times.

If a bad actor does slip through the cracks, your customers could be severely impacted. You can reduce the impact of a breach by having efficient reporting systems that quickly identify the attack and remediate it.

You can speed up your response times by using a centralised management tool. These tools enable you to generate and maintain logs and records of network activity. With all your systems integrated in one location, you can compile reports and respond quickly to attacks without being slowed down by system incompatibilities. Which means that if a bad actor does slip through your defences, you’ll be able to send them straight back out again.

How we can help: GigaVUE Appliances provide real-time insights, helping you to rapidly identify the source and scope of the problem, and create a faster and more coordinated response.

Achieve compliance with network visibility

These solutions all have one thing in common – improved network visibility. The ultimate aim of DORA is to improve the resilience and security of the financial services sector and the best way to do that is to ensure that you have as much insight into your network as possible.

You can make this easy for yourself by implementing tools that have been specifically designed to provide you with this visibility. These tools will also help prevent threats and rapidly remediate them when they do occur.

With these systems in place, you can rest assured that you are DORA compliant. Then you can start enjoying the benefits of your new processes and the security of adhering to the new legislation.

To find out more about DORA and the steps you need to take to be compliant, join us at our free event on 26th June.

Cyber Security, Financial services, Network Intelligence, Gigamon

Latest blogs

See all posts

Placeholder thumbnail

Boardroom vs breach: 20 questions every IT leader should be asking about cyber security

Cyber threats are evolving faster than most organisations can keep up. Between new attack techniques, expanding digital estates, and the cyber skills shortage, even well-equipped IT teams are struggling to stay ahead. It’s no longer enough to tick compliance boxes or to simply deploy the latest tools. Real security starts with asking the right questions and acting on the answers. That’s why we’ve created Boardroom vs Breach, a 20-question self-assessment designed to help IT leaders and those responsible for cyber-security take a clear-eyed look at your current security posture, highlight blind spots, and spark critical conversations at board level. Why this matters The cost of a cyber breach isn’t just downtime – it’s trust, reputation, compliance fines, and lost revenue. Yet many companies don’t know if their defences are actually up to the task – do you? These 20 questions aren’t about theory; they reflect real-world weak points that we see every day. If you can’t answer them confidently, we can help. The 20 questions you need to answer Visibility & monitoring Do you have complete visibility of your IT assets? What visibility do you have into incidents and events across your infrastructure? How do you manage your security tooling? How many different tools are you running — and are they working together? Are your systems and endpoints patched regularly? Our advice: Gaining complete visibility starts with consolidating event data, automating alerts, and ensuring continuous oversight across your entire estate. Take a look at: Security Information and Event Management Vulnerability Management Managed Detection and Response Threat detection & response What happens if an incident occurs after hours? How do you find out? Who responds? When was your last penetration test? How regularly do you conduct them? What protections are in place for endpoints, email, and networks? What level of visibility do you have into potential breaches? Do you work with a partner that offers 24/7/365 response and real-world support? Our advice: Improve threat visibility and reduce response times by combining real-time monitoring with expert-led incident analysis and containment. Take a look at: 24/7/365 Managed Detection and Response Incident Response Retainers Penetration Testing and Red Teaming Cloud & modern IT risk Do you use public cloud services? Are you confident in how they’re secured? How do you manage and secure user devices remotely? What vendors are you currently relying on — and are they right for your risk profile? How do you secure your network beyond the firewall? Our advice: Extend visibility beyond the traditional perimeter by applying cloud-native monitoring, endpoint telemetry, and policy-based access control. Take a look at: Cloud Security Assessments Secure Access Service Edge (SASE) Endpoint Detection and Response (EDR) People, process & planning How are your users trained to detect attacks such as phishing? Do you have access to expert help in a crisis? What cyber expertise exists in-house — is there a dedicated security leader? How do you create a positive security culture, not just rules? What threats are most relevant to your industry? Are you meeting required regulations and compliance standards? Our advice: Build better situational awareness by aligning people and processes with continuous monitoring and clearly defined escalation paths. Take a look at: Security Awareness Training Virtual CISO Services Compliance and Risk Consulting And a bonus question, with potentially the most worrying answer of all… What would a breach cost your business — financially and operationally? Putting it all together While individual solutions can address specific security challenges, working with a trusted managed services and security partner ensures cohesive, round-the-clock support across every aspect of your cyber security posture — delivering greater efficiency, resilience, and long-term value. We work with IT and security leaders across all sectors to assess risk, build resilient cyber strategies, and deliver comprehensive protection that scales with your business. From real-world penetration testing to 24/7/365 threat detection, cloud security, and expert consultancy, we’re your trusted partner in securing the ‘now’ — and preparing for what’s next.

Placeholder thumbnail

Migrating legacy on-premises PBX to the cloud: The tide has turned [whitepaper]

Cloud is the clear choice for business communications Industry watchers and pundits all agree that in the cloud-versus-premises PBX debate, the cloud has won. Cloud-based “as a service” solutions are taking off as companies look to the cloud for their unified communications (UC), collaboration, and contact centre needs.

Placeholder thumbnail

7 benefits of moving from an on-premises PBX to the cloud [whitepaper]

Tipping points: Factors typically driving the transition from a legacy PBX to cloud VoIP Essential business apps are now born in the cloud. Whether you have a CRM solution, something for HR, or simple file storage, it’s probably in the cloud. But for any number of reasons – not the least of which is the relatively large investment required for a new PBX – many businesses have delayed upgrading their PBX and moving it to the cloud. Consequently, you may be living with a communications system that lacks the capabilities and flexibility to support rapid growth or business agility. Or you may be dealing with the worry that you are literally one ageing component away from complete failure of your company’s business communications... Whatever your current situation, this paper provides useful insight, including understanding the factors typically driving the transition from a legacy PBX to cloud VoIP and factors to consider when selecting a communications provider before drilling down into each of the 7 key advantages of moving to a cloud communications system…

Placeholder thumbnail

Microsoft 365 by Wavenet - video

Microsoft 365 is a comprehensive cloud-based subscription service that integrates collaboration, communication, and productivity tools for enterprises, supported by various management and compliance services. Microsoft 365 brings together best-in class productivity apps with powerful cloud services, device management, and advanced security in one, connected experience. Once used to its full potential, Microsoft 365 can speed up processes, reduce costs, save time and make compliance easier. But its constant updates and complexity often get in the way. That’s where we help — with nine practical ways to get more value from Microsoft 365, from buying and configuring it to improving security, collaboration and everyday use. Watch our 3 minute video below, to find out how…

Close up of a server stack with flashing lights

3 reasons why reliable network infrastructure is the backbone of digital transformation

Reliable network infrastructure is the foundation of any successful digital transformation. In this short video, Tom Harris explains how strong connectivity supports secure operations, enables remote work, and gives businesses the flexibility to scale and innovate. From improved data protection to cloud readiness, learn why getting your network right is essential for long-term growth.

Top 3 cyber practices every business should adopt

Top 3 cyber practices every business should adopt

Cyber security threats are evolving, but so can your defences. In this short video, Tom Harris shares three essential practices every business should adopt to protect sensitive data and reduce risk: implementing strong access controls, delivering regular security training to employees, and keeping software up to date. These simple, proactive steps can make a big difference in strengthening your organisation’s security posture.