Is your business ready for DORA? Cisco ThousandEyes outlines the "three pillars" everyone needs to have in place to be resilient


With the Digital Operational Resilience Act (DORA) becoming enforceable on January 17, 2025, financial organizations have to follow a strict set of rules governing how they prepare for and respond to incidents, especially outages and cyberattacks.

Joe Vaccaro, VP and GM of Cisco ThousandEyes, has told TechRadar Pro there are three pillars to becoming digitally resilient: security, assurance and observability.

Outages in the financial sector can have serious consequences for customers and for firms, and the Financial Conduct Authority has already warned that the risk of CrowdStrike-style outages is ‘severe but plausible’ going into 2025.

Downtime is costly

Part of the DORA regulation is about setting companies up to be protected against outages. Although ransomware and cyberattacks are dominating the conversation, outages can just as often originate from unpatched systems or bugs.

“What we see many times is that outages are not malicious in intent, but they're simply a misconfiguration at a critical point within an adjacent domain,” Vaccaro says.

Looking back at 2024, it's hard not to remember the biggest and most costly outage of the year, the notorious CrowdStrike incident: the estimated damage ran into the billions and millions of devices were affected, yet the incident likely stemmed from a misconfiguration rather than a cyberattack.

That said, companies must offer an equally robust response to misconfiguration as they would to a cyber threat, Vaccaro says. The incident response process is largely the same, and a thorough understanding of your digital dependencies can dictate the effectiveness of a firm’s actions:

“Can you detect if you have a problem? Can you localize to where along the path the problem is? And then as part of the diagnosis, can you understand how the configuration has changed both in your own infrastructure as well as infrastructure that you rely upon so that you can then mitigate it?”

In response to an outage, speed and accuracy are key, Vaccaro says, because downtime is not just an inconvenience but can cost a company serious money. He gives the example of a US healthcare firm which suffered an outage before becoming a ThousandEyes customer:

“They calculated the cost of downtime to them in a real life situation was over a million dollars per minute, and they were in the face of operating in an outage that was over six hours. So when you think about the cost of implementing digital resilience versus the cost of doing nothing.”

Digital assurance

A key part of digital resilience is simply understanding the software you use and where it comes from, Vaccaro says. By understanding the services, vendors, and third-party software your firm depends on, you can be much more confident in your incident response.

“So from a ThousandEyes lens, we've been helping customers now for well over a decade to be able to map these digital dependencies,” he says.

“And we think of ourselves in many ways like the Google Maps of the internet. How do you have the ability to understand from where you are to where you're looking to go, what are all the routes that you're gonna be taking? What are all the digital services that you're gonna be traversing so that we can help customers to both discover an inventory and then be able to operate through this new world.”

Evolving regulations

Although DORA is EU legislation, it still applies to many non-European firms that participate in European financial markets, meaning even UK and US firms need to be up to scratch.

“I think the first thing to highlight is that, you know, we live in a highly interconnected world,” Vaccaro points out.

“You know, where I live here in the United States, I'm accessing services provided from European countries all the time. And that's just part of the global economy that we live in.”

This could also help usher in stricter regulations in the US and across the world. As Vaccaro points out, digital regulations developed in the EU and UK often pave the way for US frameworks, offering greater consumer protections and encouraging data privacy laws, as seen with the EU’s GDPR and California’s CCPA.

“Important regulations that got their start in Europe that then now have carried over to others as we think about data sovereignty, data privacy, and others,” he notes. “And they take different forms and different names, but at the underpinning, they're all trying to achieve similar objectives.”

“I think what's helpful with DORA is how explicitly it calls out the need to be able to increase the resiliency within your business, and that extends beyond just your perimeter but all of the critical dependencies that you rely upon.”

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
