Companies have less and less time to strengthen their security. What’s in store for them in the near future?

Companies have less and less time to strengthen their security

In January 2023, new regulations were enacted requiring companies and organizations to strengthen their protection against cyber attacks. When do companies have time to prepare, and what exactly do European Union regulations require of them?

The role of technology in business and social life is growing. With it comes a growing threat of cyber attacks. This is why the European Union has developed new regulations – the DORA regulation and the NIS 2 directive. They are expected to raise the level of cyber security across the Union.

Who is affected by DORA and NIS 2?

The DORA regulation, which will take effect in EU Member States on January 17, 2025, covers entities operating in the financial sector, including banks, credit institutions, investment and payment companies, or insurance companies, as well as technology providers to these institutions.

Ebook LinkedIn post 6 EN

NIS 2, on the other hand, is a directive with an implementation deadline of October 17, 2024. It applies to a much more comprehensive range of companies. This is because it covers organizations that provide services critical to the economy and society, such as energy, transportation, water management, healthcare, and digital infrastructure. Importantly – it is primarily applied by entities with the status of at least a medium-sized enterprise.

– The new regulations affect a large number of companies. The most important thing, however, is for each entity operating in the sectors covered by the regulation and the directive to analyze its situation and check whether it must comply with these regulations and, if so, to what extent. It is a good idea to familiarize yourself with the content of the documents today and discuss the topic with your lawyers. Time is short now. It is also worth remembering that both DORA and NIS 2 are aimed at raising the level of cyber-security, so any actions taken in connection with their entry into force will serve both the organizations themselves and their contractors and customers – says Krzysztof Góźdź, Sales Director at Secfense, a company developing cyber security solutions.

How to prepare for new regulations

Neither DORA nor NIS 2 give specific guidance on technologies that implementation will help prepare for the implementation of the new regulations. Instead, they indicate areas for action and possible steps companies can take.

DORA focuses on protecting against cyber attacks and restoring a company’s operations smoothly during a security incident. Among other things, it requires organizations to prepare a cyber security policy, implement appropriate security measures (including encryption, authentication, access control, monitoring, and auditing tools, among others), implement processes for detecting and managing ICT-related incidents, and prepare action scenarios in the event of a cyber attack or other security incident. The NIS 2 Directive, on the other hand, focuses on cyber security risk management measures. It requires critical and essential players to implement appropriate and proportionate technical, operational, and organizational measures to help manage the security risks of networks and information systems and prevent the impact of incidents on their service recipients or other services.

– However, NIS 2 requires essential players to adopt many basic cyber hygiene practices. They include zero-trust, regular software updates, proper device configuration, network segmentation, and identity and access management. Raising user awareness, including organizing employee training and spreading awareness of cyber threats, phishing, and social engineering techniques, is also an important responsibility. – Krzysztof Góźdź adds.

A concrete recommendation – implement strong authentication

While DORA and NIS 2 do not dictate specific solutions to be used, they unequivocally point to the need for strong authentication mechanisms.

– In the DORA regulation, we find explicit language stating that financial entities implement strong authentication mechanisms. There is no room for personal interpretation. In other words – organizations throughout the sector are obliged to implement such solutions. Anyway, this requirement is part of the recommendations of the Financial Supervisory Commission which in October 2022. recognized the lack of use of strong, multi-component authentication customers for unacceptable risks – explains Krzysztof Góźdź. According to NIS 2, organizations themselves should assess their cybersecurity capabilities and, where appropriate, deploy appropriate security technologies such as systems based on artificial intelligence (AI) or machine learning (ML) to improve their ability to protect themselves from cybercriminals.

– What is there to hide – these are far-reaching requirements and recommendations. Therefore, if AI or ML-based solutions are to become standard in enterprises, all the more reason why strong authentication mechanisms should be recognized as a core protection mechanism and form the foundation of an organization’s cyber security ecosystem – concludes an expert from Secfense.

Especially since public administrations and regulators of various sectors, including the Office of Personal Data Protection or the Financial Supervision Commission are increasingly recommending the technology.

Read our detailed study: “Report on the Impact of the DORA Regulation and the NIS2 Directive on the Cyber Security of Companies in the European Union – Analysis Study. Visit the site and download the report.

What is Strong Authentication?

Strong authentication is an advanced method of verifying a user’s identity in processes related to electronic payments and access to online accounts and services. It requires at least two independent verification steps that are difficult to forge. These can use something the user knows (password), has (phone) or is (biometrics).

– Experience shows that the passwords widely used today are not a sufficient barrier to cybercriminals. First of all, because they are easy to steal or guess. Even text messaging is no longer a problem for intruders today. An average criminal can work out SMS 2FA with a few tutorials available on YouTube and break the security in a dozen minutes. The future is phishing-proof multi-factor authentication based on biometrics and cryptography, or FIDO – explains the Sales Director from Secfense. Many MFA solutions are on the market, but they take many months to implement in an organization. In addition, it involves interference with the code. It also forces users to change their habits, which can cause resistance and even the need to change the provider of, for example, banking services.

Recognizing these issues, we have developed a User Access Security Broker solution that enables you to deploy MFA on any application in 5 minutes and roll out MFA across your organization in 7 to 14 days. The technology allows easy and fast implementation of any MFA, including today’s most effective FIDO2, on any application without interfering with its code – concludes Krzysztof Góźdź of Secfense.

Time to comply with the new regulations is running out. Companies that analyze their situation, security systems, procedures, and strategies now and put in place the required technologies and policies will not only be able to look to the future with peace of mind but will also be able to combat the increasing attacks of cyber criminals effectively.

Get the unique guide: an Overview of the DORA and NIS2 Regulations from the Perspective of Cyber Security of Companies in the European Union. Visit the site and download the report.

Antoni takes care of all the marketing content that comes from Secfense. Read More


We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

As part of the pre-implementation analysis, we verified that users utilize a wide range of client platforms: desktop computers, laptops, tablets, smartphones, and traditional mobile phones. Each of these devices differs in technological advancement, features, and level of security. Because of this, and also due to the recommendation of the Polish Financial Supervision Authority (UKNF), we decided to introduce additional protection in the form of multi-factor authentication mechanisms based on FIDO. As a result, users of our applications can log in safely, avoiding common cyber threats such as phishing, account takeover, and theft of their own and their clients’ data.

Marcin Bobruk



We are excited to partner with Secfense to enhance our user access security for our web apps. By integrating their User Access Security Broker, we ensure seamless and secure protection for our applications and systems, delivering superior security and convenience to our customers.

Charm Abeywardana

IT & Infrastructure

Visium Networks

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director


Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert – former Director in hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera


Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures

Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.

Dariusz Pitala

Head of IT