Skip to content

After receiving phenomenal positive feedback at our previous live cyber exercising workshops in Edinburgh and Aberdeen, the Scottish Business Resilience Centre organised another Exercise in a Box ‘Ransomware’ in Glasgow on 4th May. The workshop was well-received and drew various industry members from private, public and third sector, for educational and networking sessions.

The Glasgow Exercise in a Box ‘Ransomware’ workshop, was held on 4th May at the Hampden Park. The session was attended by five organisations from public, private and third sector, including Police Scotland, Cohesion Medical, Beatson Cancer Charity, City Facilities Management, Scottish Power, and National Cyber Security Centre. The session started with our CEO, Jude McCorry, introducing our cyber exercising work with the attendees, and emphasising on why it was extremely crucial for Scottish organisations to attend workshops such as these, to strengthen their cyber defences, and prepare an incident response plan, in case a cyber breach were to take place.

Jude McCorry, chief executive of SBRC, said: “Our Exercise in a Box workshops have been successful  in  raising awareness around building cyber resilience defences to nearly 650 organisations across Scotland since we started delivering them in back in Oct 2021.

“Our current focus is on reaching out to organisations from the public and third sector, specifically health and social care, as well as the housing organisations. Through these workshops, we want to enable collaborative discussions to help identify areas that may need additional training. The Micro Exercise in a Box sessions in particular were developed based on the needs of  third sector organisations in Scotland, regardless of their current level of knowledge or understanding of cyber security.

“Organisations cannot afford to be complacent when it comes to cybersecurity these days. In the light of recent happenings, it is evident that cyber attacks are prevalent and therefore it’s essential for all organisations, regardless of the sector, to be clear on both the range of cyber threats and how to handle any attacks.”

Following that, Steve O, Head of Cyber Exercising, NCSC, talked about the significance of utilising a self-help tool, such as Exercise in a Box, for every organisation irrespective of the size or sector, to ensure they are prepared in the unfortunate event of a cyber breach.

Steve O, Head of Cyber Exercising, NCSC, said, “Exercise in a Box is an invaluable resource to help Scottish businesses enhance their cyber resilience.

“It is extremely reassuring to have the Scottish Government and Scottish Business Resilience Centre are championing this free online tool, which is helping Scottish organisations to be better prepared to deal with cyber threats that might come their way.

“I strongly encourage businesses to take the time now to create an Incident Response Plan, exercise it and keep it current.

Declan Doyle, Head of Ethical Hacking and Client Services, SBRC, introduced the ‘Ransomware’ scenario and shared the contents, aims and expectations of the session. Subsequently, the organisations were paired with the experienced facilitators, ethical hackers, who initiate the group discussion and take the participants through mock scenarios and facilitate a set of questions designed to re-create a certain scenario. Find out more about how our workshop is facilitated and the benefits of attending this workshop for any and every organisation here.

Following this, the participants were asked to share their observations, learnings and key takeaways from the workshop. Some of the main points shared were as follows:

  • It is extremely vital to have an incident response plan in place in anticipation of a breach taking place and for the staff members of all levels to be trained to tackle such an incident.
  • The third sector in Scotland  needs to come forward and seek help from organisations such as SBRC when it comes to the lack of knowledge and experience in the ability safeguarding data online and offline. 
  • Public organisations tend to assume that their data is secure if they have a cyber intelligence department, however that’s not always the case – more awareness and capacity building around the subject is required through trainings and workshops.
  • It is important to conduct regular training sessions for all staff members within the organisation, irrespective of their role and job description, to ensure cyber breaches can be prevented, and dealt with if a cyber attack were to occur.

Ransomware is some of the most destructive forms of malware currently in circulation. It has the capability to bring entire organisations to its knees in a matter of days, if not hours. The ransomware can encrypt the targets systems and will demand payment for the restoration of the systems. It is of paramount importance for an organisation to know how to respond to a possible ransomware infection. Ransomware attacks can affect any organisation, and do not discriminate on who is targeted. Find out more about ‘Exercise in a Box’ at SBRC, read more about why this workshop is important for your organisation’s safety.

Event Update: We’re facilitating many more Exercise in a Box ‘Ransomware’, ‘Digital Supply Chain’ and ‘Micro Exercises’ events across Scotland – in collaboration with the Scottish Government, spanning over the next few months. Do register to secure a space