‘Exercise in a Box‘ is a free, innovative tool provided by the National Cyber Security Centre (NCSC) to help organisations test and improve their cyber incident response capabilities.
Organisations that have robust cyber incident response plans in place are better equipped to responding to cyber attacks and getting back up and running again quicker than those without plans in place. However, the first time an organisation runs through its cyber incident response plan shouldn’t be on the day of an attack. Instead, it is recommended that organisations practise and test their response plans and make improvements before a cyber attack occurs.
Why do organisations need to exercise their plan?
It helps to test a response plan regularly in a safe and supportive environment where teams have sufficient time to understand their roles and responsibilities. This means if or when a real cyber incident occurs, everyone knows what to do without panicking.
A cyber incident could take many different forms. It could be a security risk originating from within your organisation that leads to a data breach, or a ransomware attack delivered by phishing email. It could involve just your IT team, or the whole company and may stray into the realms of informing regulators, customers and partners and managing the press. Your incident response plan should cover all these eventualities and exercising these different scenarios will help improve coordination and communication among team members and ensure that everyone is on the same page during a crisis.
Introducing the Exercise in a Box tool
Organisations of all sizes and in all sectors can use the NCSC’s free online tool to test and practise their response to a cyber attack. It offers a range of pre-packaged exercises that simulate various cyber attack scenarios, allowing teams to practice their response strategies in a safe and controlled environment. Exercise in a Box was piloted originally with small and medium sized enterprises, local government, and is designed so that anyone in an organisation can use it without being an expert.
Key Features
Scenarios and Modules: Choose from more than 15 exercise topics including phishing, mobile theft, WiFi, ransomware, and home working and 3 types of exercises: micro, tabletop and simulation. Exercises are ready to go and are available with different durations, they can be started, paused or continued in your own time, at your own pace and no preparation is needed.
Guided Exercises: ‘Exercise in a Box’ provides step-by-step guidance through each exercise, making it easy for teams to follow along and understand the key points of the simulation. This guidance ensures that even teams with limited cyber security expertise can effectively participate and learn.
Get Started with ‘Exercise in a Box’
Register: Visit the NCSC website and register for access to ‘Exercise in a Box’. Registration is straightforward and free of charge.
Select an Exercise: Choose a scenario that aligns with your organisation’s needs and objectives. Start with a basic exercise if your team is new to incident response practices.
Prepare Your Team: Brief your team on the chosen exercise and ensure that everyone understands their roles and responsibilities. Gather any necessary materials and set aside dedicated time to complete the exercise.
Run the Exercise: Follow the step-by-step guidance provided by ‘Exercise in a Box’ to conduct the exercise. Encourage active participation and open communication among team members.
Review and Improve: After completing the exercise, review as a team to identify improvements and update your incident response plan accordingly.
Don’t wait for a cyber attack to test your defences. Use ‘Exercise in a Box’, to help your team build confidence and resilience and be prepared for cyber incidences of all kinds.
What next?
Exercise in a Box is an accessible introduction to cyber incident exercising.
The next stage would be to start working with an experienced professional, assured under the NCSC’s Cyber Incident Exercising (CIE) scheme. A CIE provider can design and facilitate discussion-based table-top or more in-depth, technically simulated live-play exercises. They would specifically tailor the exercises to the unique size, characteristics and requirements of your organisation.
Cyber Incident Exercise Providers will have conducted thorough research on recent cyber threats, attack trends, and emerging vulnerabilities. They will leverage threat intelligence sources to help you understand the tools, tactics, and procedures employed by real threat actors. All of this information is used to craft realistic attack scenarios that is appropriate for your organisation’s sector, technologies and people. Cyber incident exercising with an Assured Service Provider will ensure you practise and refine your incident response capabilities in a hands-on manner and are better prepared to handle real cyber threats. NCSC Assured Service Providers will bring industry experience and expertise to help you develop your response abilities and increase your cyber resilience.
Find an Assured Service Provider to help you exercise your incident response plan
For organisations that want to plan and practise their response to a cyber incident with guidance from an industry expert, you can contact an Assured Service Provider in Cyber Incident Exercising.
Organisations can find a list of NCSC Assured Cyber Incident Exercising providers via the scheme’s “Find a Provider” page