The Exercise in a Box toolkit is an online, self-help tool from the National Cyber Security Centre (NCSC) which is designed to help organisations test and practise their response to a cyberattack. Essentially, it is a free, 90-minute non technical workshop which helps organisations find out how resilient they are to cyber attacks and practice their response in a safe environment. Scenario themes are realistic and based around the main cyber threats faced. It includes everything needed for setting up, planning, delivery, and post-exercise activity.
The purpose of this case study is to share the milestones achieved during the delivery of Exercise in a Box. This case study relates to the time period from August 2020 to May 2021.
The Challenge
Exercise in a Box was primarily designed for organisations to hold and facilitate their own internal exercises, physically bringing key people together to take part in what is traditionally referred to as a ‘table-top’ discussion exercise. However, due to Covid-19 pandemic restrictions, it became challenging to bring people together into one room to participate in a ‘physical’ exercise. However out of adversity comes opportunity and SBRC took an alternative and innovative approach by delivering a series of ‘virtual’ Exercise in a Box events held across Scotland, utilising video conferencing platforms, delivered and supported by a cadre of SBRC’s experienced ethical hacking students.
We strategically chose to deliver the ‘Working From Home’ scenario first, knowing how many organisations were still getting to grips with the security issues the ‘new normal’ caused by the pandemic. At the beginning of 2021, when ransomware took over the headlines, we launched our second scenario, ‘Phishing Attack Leading to a Ransomware Infection’.
Always maintaining a user-centric approach, we looked to understand what our attendees expected and what they needed. For example, during our ransomware sessions we learned attendees wanted more information on how to deal with media during a ransomware incident and we created it based on needs assessment. The feedback for such efforts was overwhelmingly positive.
We consciously worked with organisations and charities based all over Scotland supporting them in bettering their cyber resilience. The challenges presented to us allowed us to discover a recipe that would see us successfully delivering this project, hitting our target, with 266 companies completing a session.
The Solution and Outcome
Despite all the challenges presented, SBRC managed to successfully deliver Exercise in a Box pilot project over 10 months. In total, 266 organisations across Scotland, and 772 attendees participated in the interactive workshops. The organisations consisted of the Public, Private, and Third Sector, including Academic institutions. The virtual approach to delivery increased inclusivity, recognising the diverse nature of business in Scotland and its vast geographical locations.
As a result, organisations the length and breadth of the country, from Dumfries in the south, the Western Isles, Aberdeen in the north-east and Orkney in the Islands, were able to participate in addition to the more populated central belt. Due to the massive success and popularity of the project delivery, SBRC additionally offered each attending organisation a follow-up session where they could be introduced to the Exercise in a Box platform and enquire about cybersecurity-related issues.
To promote cyber-awareness and continue with the theme of Exercise in a Box, SBRC commissioned 10 cyber-awareness videos that are short, informative but most importantly easy to understand.
The following topics were covered in the videos:
• Password
• Updates
• Antivirus
• Parental controls
• Public Wi-fi
• Phishing
• Home IoT
• Backups
• Social Media
www.sbrcentre.co.uk
Related posts
Interviews
Comment
Why innovation and marketing are the perfect partners to make changes that matter
With the rapid evolution of traditional marketing and the appearance of digital marketing, technology and innovation has become part of any marketer’s life without the need of working for a…
Transitioning to a four-day week – CEO’s vow to strike a healthier balance in the workplace
I came to Scotland nearly 20 years ago from Ireland, with no contacts but a lot of determination. While Ireland will always be my home, Scotland has given me amazing…
Women Lead: The female-led company championing intuitive working
Over the last two years, the pandemic forced a shift to more remote and flexible working practices. Whilst we might be seeing a “return to normal”, some companies are choosing…
Women Lead: My passion for young people to consider a career in digital
Twenty years ago, I stumbled across my career in digital marketing almost by accident. It was during my honours degree in marketing at Glasgow Caledonian University. I was on work…
Women Lead: Inclusive Silicon Valley cohort gives hope to entrepreneurs from diverse backgrounds
Things are happening on the Scottish tech scene. Big and small initiatives are creating a fantastic ripple effect on the sector, bottom up and top down, thanks to the recommendations…
Women Lead: The story of an entrepreneurial scientist
I first arrived in Scotland over 20 years ago. I had £75 in my wallet and a scholarship offer to do a PhD at the University of Edinburgh. Sometimes I…
Please mind the gap… or healthcare may fall
Imagine sharing a lengthy train journey with others. From beginning to end, imagine how often you might hear ‘mind the gap’ messages about embarking and disembarking safely. Picture how navigating…
Women Lead: My journey from Dragons’ Den to Silicon Valley
Following her appearance on Dragons’ Den, Sheila Hogan, serial entrepreneur, founder and chief executive of digital legacy vault, Biscuit Tin, shares her experience of her time in the Den and…