Skip to content

Get Your Business Prepared

A free, 90 minute non technical workshop which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.

What is Exercise in a Box?
Firstly, it is completely free, and you don’t have to be technical to get involved.
Exercise in a Box can be best described as a tool that recreates real world business scenarios and tests your cyber resilience in each scenario. It was developed by the National Cyber Security Centre and started its life as a self-use tool to help organisations test and practise their internal response to a plethora of cyber issues. It is, in essence, a box full of exercises based around real world scenarios with probing questions attached to each scenario. It allows your organisation to do them in your own time, in a safe environment, as many times as you want. It includes everything you need for setting up, planning, delivery, and post-exercise activity, all in one place.
We at SBRC have been tasked with promoting Exercise in a Box to Scottish companies by conducting practical workshops where we facilitate one of the scenarios.
Register here
Exercise in a box

The Scenarios

• Working From Home

It is important to understand both the benefits and the additional cyber security risks that home and remote working can bring to an organisation. Many of us have had to move to 100% remote working having never done it before due to COVID-19, which has created the potential that your organisation’s IT services will be accessible to people other than your remote workforce. Additional sudden requirements and demand on infrastructure could increase your organisation’s attack surface, providing attackers with more potential avenues to exploit.

• Phishing Attack Leading to a Ransomware Infection

This scenario is based around how your organisation would respond to a phishing attack that leads to a ransomware infection. It tests the support that users are given to detect and respond to phishing attacks, as well as what security controls are implemented to limit the impact of infections when they do occur. It also covers how well you would be able to continue operating if you did get infected with a ransomware, and whether you would be able to rely on your current backup solution.

“The SBRC Ethical Hacking team’s partnership with NCSC delivers, informative, actionable and real-world based cyber scenarios that are incredibly useful for a range of roles in any organisation. NHS Scotland NSS will be exploring these scenarios to identify gaps in our prevent, detect and response processes and procedures and to engage other areas of our business on cyber matters. What we like most about it, is the non-technical nature of the materials – literally anyone in your organisation will find value in taking part in these scenarios.”

Scott Barnett – Head of Information and Cyber Security, NHS NSS
/4

Is Exercise in a Box for your organisation?

Take our short quiz to find out if Exercise in a Box would benefit your organisation.

1 / 4

What sector does organisation fit in?

2 / 4

How many employees in your organisation?

3 / 4

Have you got Cyber Essentials or Cyber Essentials Plus accreditation?

4 / 4

How confident are you in your organisations cyber security?

What Happens During a Session?

During the session you are paired with one of our ethical hackers. They take you through and facilitate the set of questions designed to re-create a certain scenario. This means you have someone on hand who will help you understand if what you are doing is enough, and what else you could potentially think about implementing.

Each scenario is broken into ‘inject’ points. These are used to re-create certain critical factors or moments in the scenario. From here there are a series of questions you must consider and answer. These questions have been designed by NCSC to allow organisations understand how prepared they really are for key vulnerable scenarios in the day-to-day life of an organisation.

On completion you will leave comforted knowing you have done everything you can to protect your organisation, or with a to-do list to strengthen your organisation, We also offer a follow up session with some 1-to-1 time with one of our ethical hackers who will help you get set up on NCSC Exercise in a Box platform so you can do some more scenarios internally, and they can answer any questions you may still have.

Register here
Meeting

Join an Upcoming Session

Exercise in a Box has been piloted with small and medium enterprises, local government and the emergency services, but other private and public sector communities could benefit from using it depending on their needs. We have seen companies of all sizes and sectors complete a scenario and see great benefit, however, micro-companies, sole traders, or companies at a very early stage of tech development may not get the full value in joining. Please reach out to us if in doubt over this.

We are conducting sessions over Zoom and Microsoft Teams. The session type will be in the Eventbrite registration page name.

The session is discussion led, and with this it is paramount that you bring some team members! Along with yourself, we recommend at least 2 – 5 others, with employees from all different departments represented. As it is non-technical those from non-technical departments will be able to feed just as much into the conversation as a technical team.

We are welcoming organisations from all over Scotland to take part in one of our Exercise in a Box sessions taking place over the next few months.

Sign up on behalf of your organisation via the Eventbrite and we will be in touch with next details so you can register your team for Zoom or MS Teams.

If you are interested in finding out more, please email your interest to [email protected].