Cyber security is often deemed complex and confusing, but what if there was a simple way to recreate real-life business scenarios where a cyber-attack could occur and allow you to practice your response to it?
Well, the good news is that this already exists and is an online tool from the National Cyber Security Centre. Exercise in a Box is essentially a box full of exercises based around real world scenarios with probing questions attached to each scenario.
Who is Exercise in a Box for?
Anyone, no technical skills are necessary! This is a great way to engage other areas of your business on cyber threats. However, it is recommended particularly for those in the following roles and positions:
Senior decision makers
Senior IT stakeholders
Technical IT security owners
Media/press/communications and marketing
Company policy owners
The tool allows your business and employees to do complete the exercises in your own time and in a safe environment. There is no responsibility for you to find materials for the scenarios, as it includes everything you need for setting up, planning, delivery, and post-exercise activity.
The exercises are broken into three categories, discussion based exercises, simulation exercises and micro exercises. Within each category is a breakdown of what each exercise will cover, how long it will take and a link to the resources need to complete that specific exercise.
An example of one of the scenario’s available is that of a phishing attack (when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link) leading to a ransomware infection, preventing you from accessing your computer (and the data that is stored on it).
Other exercises also included are:
Responding to a ransomware attack
Connecting securely to a network when working remotely
Mobile phone theft and response
And many more!
Find out more about Exercise in a Box, here.