NCSC launches cyber security tool for UK businesses and authorities

News by Rene Millman

"Exercise in a box" could help organisations to check readiness for cyberattacks

The NCSC (National Cyber Security Centre) has offered a new free tool to help toughen the cyber defences of small businesses, and local government.

The tool was announced by the Prime Minister’s deputy David Lidington. Called Exercise in a Box, the online tool could help organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.

The free tool scenarios based on common cybersecurity threats to enable organisations both to practice. It will also provide bespoke guidance from the NCSC to help organisations to understand better the cyber risks they face.

"Improved cybersecurity is a key part of the Government's plan to make the UK the safest place in the world to be online. This new free online tool will be critical in toughening the cyber defences of small businesses, local government, and other public and private sector organisations," said Lidington.

The tool offers a number of scenarios based on common threats to the UK that organisations can practice in a safe environment.

There are two types of exercise – a technical simulation and table top discussion – and allows users to monitor their progress.

"The NCSC considers exercising to be one of the most cost-effective ways an organisation can test how it responds to cyber incidents," said NCSC chief executive Ciaran Martin.

"By practising your defence and response mechanisms, you can understand how effective they really are and where there are areas for improvement.

"We’re committed to building the UK’s cyber resilience and continuing our work to make the country the hardest possible target for our adversaries."

The Cabinet Office said that, as the cyber threat landscape evolves, the initiative will be developed to include more complex scenarios.

CrowdStrike’s VP EMEA, John Titmus, told SC Media UK that using a highly-effective cyber-fitness solution is a discipline that should be part of any organisation’s endpoint security strategy.

"By having a comprehensive understanding on what is already running in an environment, security teams can quickly deploy additional security solutions to ensure all enterprise assets are protected," he said.

"Putting this into practice, security teams need to actively coordinate "test runs" to ensure their mitigation tactics are the most effective, reflecting the 1-10-60 rule. This is where organisations strive to detect malicious intrusions in under one minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation in less than sixty minutes."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop