Incident Response Planning With the NCSC Exercise in a Box
The UK Government today announced ‘Exercise in a Box’. Ian McGowan, managing consultant at Barrier Networks, explains what it is and how it can help companies beef up their cyber security.
The launch of the UK National Cyber Security Centre (NCSC) has drawn positive feedback from all corners due to its ongoing work to make the UK a safer place to live and do business online.
Cyber threats to the UK are growing and, although some are sophisticated, the majority of cyber-attacks still occur due to the lack of basic cyber good practice. The most recent government figures show that 32% of businesses identified cyber security breaches or attacks in the last 12 months. That can have a huge impact on the livelihood of a business and its customers.
It is, therefore, paramount that businesses take steps to prepare for and practice protecting themselves better against cyber-attacks.
One of the services we provide at Barrier Networks is Incident Response for organisations that have been victims of a cyber-attack. Unfortunately, most organisations are not prepared for the chaos that ensues when their IT systems have been breached. So, in addition to the response element of incidents that we offer, we also provide assistance with incident planning and readiness, but this is often only considered after an incident has occurred. When an incident does occur, it is important to contain it as quickly as possible so that data leakage, reputational damage and financial cost to the organisation can be limited.
So, to help organisations understand their readiness to manage and respond to a cyber-attack, the NCSC has commissioned a new product called Exercise in a Box. This unique online tool provides exercises based on common cyber threats, which organisations can practise in their own time, in a safe environment, as many times as they want. It brings together in one place everything needed to plan and run an exercise: the principles of exercising, discussion-based scenarios, a technical simulator, a feedback form and a wealth of supporting products. It is quick and easy to use, completely free and you don’t need to be an expert to use it.
Exercise in a Box contains a variety of scenarios that are aligned to the NCSC’s Small Business Guide, which provides businesses with advice that is simple and low cost to implement. The guide allows protection against the majority of threats, covering how to protect your organisation from malware, how to avoid phishing attacks, the importance of backing up, how to protect your mobile devices, and how to manage passwords. Exercise in a Box is a great product to test your implementation of the guide.
Barrier Networks has taken part in some of the early testing of Exercise in a Box. As you progress through the stages of the exercise and deal with the various ‘injects’, you are prompted with key points for the attendees to discuss. This helps to stimulate organisational discussions, disseminate knowledge among your staff and identify gaps in your ability to respond effectively.
At the end of the exercise, you complete a series of feedback questions, which help you address the gaps identified by providing links to NCSC guidance for the areas where you fall short.
The lessons learned during these exercises should be incorporated into your Incident Response Plan and they will help build awareness within your business by engaging stakeholders outside of IT, such as Corporate Communications and Human Resources.
This is another fantastic initiative from the NCSC and it should become a regular activity in your operational resilience planning. The service is currently in its ‘Alpha’ release with a small number of companies, but it works very well in its current guise. The product will be launching officially at the end of April.
Barrier Networks will be hosting a series of Cyber Security Breakfast Briefings in Edinburgh, Glasgow and Aberdeen with an Exercise in a Box session when it has been released for public use.