Skip to content

Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack.

It is completely free, and you don’t have to be an expert to use it. The service provides exercises, based around the main cyber threats, which your organisation can do in your own time, in a safe environment, as many times as you want. It includes everything you need for setting up, planning, delivery, and post-exercise activity, all in one place.

digital supply chain attack is a cyber attack that seeks to damage an organisation by targeting less-secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry or government sector, making it crucial to prepare for. The exercise is split up into four injects with each inject containing multiple discussion points. This will allow organisations to review and refine their contingency plans if a cyber attack were to occur within their supply chain. 

The aims of this exercise are as follows:  

  • To investigate how your procurement process assures the security of suppliers.  
  • To determine what visibility you have of your data when it is stored by a third party.  
  • To think about what risks customer data is exposed to.  
  • To understand the complexities of your supply chain. Build an understanding of how supply chains can impact your security.  
  • To operate in a no-fault environment to check and test cyber security defences and capabilities. 

Register Here

We recommend 3 - 7