Threat-led penetration testing brings together specialist offensive (red team) security skills and threat intelligence to enable businesses to proactively test and identify any weaknesses, deficiencies or gaps in their controls and counteractive measures that could be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.

Late last year, Australia’s Cyber Security Act 2024 received Royal Assent and became Law. It was a huge moment for cybersecurity legislation in Australia, serving as the country’s first-ever standalone cybersecurity law, addressing key legislative gaps, and bringing the country in line with international best practices. But what’s included in the Act? And what does it mean for businesses? Keep reading to find out.

The Digital Operational Resilience Act (DORA) is one of the most significant cybersecurity regulations for financial institutions in the European Union (EU). Failure to comply can have massive consequences, including financial penalties and forced operational downtime, meaning achieving DORA compliance should be a priority for all EU financial institutions. Implementing a comprehensive API security strategy goes a long way toward ensuring compliance with DORA requirements.

In December 2024, Malaysia passed its Data Sharing Bill 2024, a new piece of legislation aimed at streamlining data-sharing across federal government agencies. This bill promises to revolutionize how data is managed, shared, and secured within Malaysia's government, fueling a more efficient, innovative, and secure public sector.

The deadline for European Union member states to pass the new EU NIS2 regulation into national law was October 17, 2024, yet only a few countries have transposed it into law, leaving others lagging behind, with regulations in draft or public consultation phases, or not at all. In the absence of certainty for firms (or what NIS2 calls entities), confusion is understandable, but steps can be currently taken considering what we already know.

The Digital Operational Resilience Act (DORA) has been developed to protect the financial sector, which is particularly vulnerable to cyberattacks. According to the IMF’s 2024 Global Financial Stability Report, the number of cyberattacks has progressively increased since 2004, and nearly 20% of these attempts target financial institutions. DORA serves as a regulatory measure in the European Union (EU) to improve cybersecurity and operational resilience of organizations in the financial sector.

The Digital Operations Resilience Act (DORA) is a new regulation aimed at improving the cybersecurity and operational stability of the EU's financial sector, especially regarding risks related to information and communications technology (ICT). It applies to organizations in the financial industry, requiring them to reassess and adapt their security posture to DORA’s stringent requirements.

The EU is making active efforts to secure the citizens and their data. New laws are implemented and as a compliance, MFA is mandated for enterprises.

The Digital Operational Resilience Act (DORA) is a mandatory EU regulation that aims to unify various information and communications technology (ICT) risk management frameworks into one comprehensive set of guidelines and requirements. ‍ The regulation is built around five pillars that strengthen and facilitate the digital and operational resilience of entities in the finance and insurance sectors.

Given the reality of today’s cybersecurity, it is of utmost importance to have frameworks and regulations. These help both the customers and the organizations to stay protected against the cyber threats that are around us. On 17th January 2025, the Digital Operational Resilience Act (DORA), formally known as Regulation (EU) 2022/2554, came into full effect.