Skip to content

What is it?  

Ransomware is some of the most destructive forms of malware currently in circulation. It has the capability to take entire organisations to its knees in a matter of days, if not hours. The ransomware can encrypt the targets systems and will demand payment for the restoration of the systems. It is paramount for an organisation to know how to respond to a possible ransomware infection.  Ransomware attacks can affect any organisation, and do not discriminate on who is targeted.  

This session goes over a mock ransomware infection, through a phishing email, the most common infection vector for malware. This is an extremely common form of attack as 86% of cyber attacks are through phishing. It is essential for an organisation to have resilience against the constant threat of a phishing attack. The session covers:  

  • Understand how your organisation is prepared to deal with phishing attacks  
  • Recognise how the configuration of your user accounts plays a major role in your defences  
  • Gauge how effectively you can recover data and resume operation after a cyber attack
  • Build trusted relationships and develop shared understanding between key stakeholders 
  • Prepare and train key staff to think about what risks they are exposed to
  • Operate in a no-fault environment to check and test cyber security defences and capabilities

Why do it?  

With the rise of ransomware attacks, more than ever, it is essential that organizations are prepared if they suffer an attack. Effectively securing an organisation can be difficult as you are only as secure as your weakest link, and with the ever changing face of cyber security it is difficult to prepare against possible attacks.  

You can access our ransomware guide here: Ransomware Guide

It is important for organisations to conduct cyber exercising to enable them to prepare for a potential cyber attack within their business and mitigate that threat as much as possible. Additionally, please remember that Exercise in a Box is a safe environment for every participant, so please do not feel like you cannot say anything.   

The session offers multiple takeaways, as within a provided follow up session, a report from the NCSC can be generated, linking to all the guidance relevant to your organisation, taken from the session.   

Some of the benefits and key takeaways of cyber exercising include:  

  • Understanding actual versus perceived capabilities of people and technology 
  • Figuring out where to invest budgets in training or new technology
  • Building muscle memory and reducing stress for security teams and management 
  • Improving morale and team building
  • Meeting regulatory requirements

Who is it for?  

Exercise in a Box is aimed at any organisation, big or small, that are aiming to increase their cyber knowledge and perception.  Ransomware attacks are an organisation wide issue, security is only as strong as its weakest link, and all it takes for a ransomware infection to take hold is one email. Understanding the process of recovering and dealing with a ransomware attack, alongside continuity plans, can make the difference between recovering from an attack in a week or a year. It is advised that organisations bring a diverse team and not just the IT department. This will ensure that more of the company is trained and not just a small part of it.  

You can sign your organisation up here: Scottish Business Resilience Centre Events | Eventbrite 

Join our Ransomware Exercise in a Box session on 30th September. Sign up here.