Regulation with reward: How DORA can enhance businesses


14 Oct 2024


Elio Networks’ Philip Russell discusses what companies need to consider ahead of the EU regulatory framework.

From this coming January, companies across the EU face a nasty headache if they don’t shape up in terms of connectivity. The Digital Operational Resilience Act (DORA) may seem like a burden on businesses, but it presents a great opportunity for companies to enhance their reputations.

DORA is a regulatory framework created by the EU to ensure that financial entities, and the IT providers that support them, build resilience into their systems. The regulation officially came into force earlier this year but will be fully enacted in January 2025. It asks a lot of businesses, but in matters these organisations should already care about.

While the clock is ticking, it’s best that organisations first take a step back. They need to examine where there are weaknesses in their systems and what threats they could face. Specifically, they need to work out the threats to their operational resilience, which in turn would impact their ability to provide services to their customers.

Businesses have to make sure they have robust cybersecurity but also an always-on dedicated internet connection. Really, everything that goes with an entity’s IT infrastructure that could potentially bring down operations needs to be identified and addressed.

The fines for failing to meet these standards are significant: a fine of 1pc of the previous year’s revenue can be imposed. It makes sense to invest in improvements before risking such a punishment.

Reputation matters

It’s not just about the immediate financial punishment. From my own past experience in financial services, I’ve seen the reputational damage that can occur to a business and the fiscal impact of a loss of confidence in a company.

Conversely, there are clear reputational benefits for the organisations that meet the standards set by DORA. It goes beyond the bare advantage of being compliant with a regulation. When a company meets a standard like this, it sends a message to customers, partners and suppliers that it is trustworthy and professional.

Everyone now operates in an environment where what they do is either in the cloud or attached to some kind of dedicated internet access service. If you have just one internet connection and it goes down, you no longer have operational resilience. That’s what DORA is trying to mitigate, and it’s where network operators get involved ahead of time to provide redundancy.

This is just one part of a series of regulations either introduced or coming down the tracks. The likes of GDPR, NISD, and NIS2 are all working with essentially the same goal in mind as DORA. Companies are being required to take ownership of their security policies in the C-suite and ensure effective measures have been taken.

DORA addresses one of the pillars of operational resilience, specifically ensuring that the connectivity aspect is maintained.

Any organisation working in the financial sector, including ICT providers, needs to step up and meet the standards being set by DORA. The majority of monitoring and threat awareness is now managed through the cloud. That requires a resilient internet connection to ensure constant visibility and ongoing observance of the regulations.

We’re working on one strand with businesses, around the wide area network, but businesses need to sit down and plan holistically. If your infrastructure is managed centrally, the process is clear enough: your own in-house team manages it.

However, many companies outsource to managed services providers because of the access this gives them to a wider range of skills. In these instances, the provider needs to carry out threat-led penetration testing, which, as the name suggests, identifies where threats are capable of penetrating.

From our perspective, we are doing audits of wide area network infrastructure. That involves working out which providers the customer is currently working with and ensuring there is resilience in the infrastructure.

For context, if you have a fibre connection, you need to plan for what you would do in the event that it was compromised. The solution there is having a fixed wireless back-up link in place to prevent you from going down fully.

The time to plan is now. Start with a full audit of your disaster recovery position, then work with partners to address how each piece of your infrastructure can be brought up to standard.

By Philip Russell

Philip Russell is sales and commercial director at Elio Networks.
