Exercise your cyber security

Learn lessons the easy way and in your own time

Blog

The multi-billion dollar Dutch provider of accountancy software, Wolters Kluwer, has been experiencing a cyber incident since the 6th of May. Since then they have confirmed that malware was on their system but there has been a significant failure to effectively communicate much more than that to their customers and to the public. This has caused significant frustration and anger to their l...

There have been a number of large fines handed out in recent weeks to businesses that suffered a cyber breach.  British Airways and Marriott International are due to be fined £183m and £99m respectively by the UK’s Information Commissioner’s Office while Equifax has agreed to pay between $575m and $700m to US authorities.  These are large numbers and they have received a lot of press cover...

The NCSC’s Exercise in a Box has a simulator that allows you to mimic a common malware command and control technique.  The simulator is just one of several exercises that make up the “Exercise in a Box” that can be downloaded and used for free from the NCSC.  The majority of the scenarios are conducted in a tabletop format but this simulator now lets these exercises test technological security...

Cyber exercises help you test your people and processes and make sure they're ready for an incident.

A cyber exercise tests the incident response of an organisation.  Exercises focus on business impact and can be considered pentests for people and processes.  They allow organisations to develop and rehearse their incident response procedures in a safe and controlled manner.  They offer a pragmatic way to understand and benchmark the impact of a cyber security incident and so allow improveme...

Checklists, how to use them to save time and money, and why you won’t bother to

Arrrgh where is Brent? He knows everything about the firewall/routing/machine build process/ICS/other IT thing, if we can’t find him how can we solve the IT emergency? If we don’t get this solved soon nobody is going to get paid and the business will fail!*

Want to avoid decision paralysis, ensure repeata...

There are a number of great online resources to help you develop a successful cyber (or any other) exercise. Here are some of the best we’ve found:

How to run a cyber exercise:

Cyber Exercise Playbook, MITRE. Detailed step by step process on how to run a large scale objective driven exercise.  Very much follows a military exercising process.

San Francisco Department of  Emergen...

Cyber exercising plays an important role in testing and developing an organisation’s cyber security posture.  However, just like the organisations that use them, not all cyber exercises are the same. This post will give a brief overview of the 4 main types and describe when you should use them.

The four most common types of non-intrusive cyber exercise are seminar, workshop, tabletop an...

TL;DR.  Probably yes.  But you need to choose the right type of exercise.

Cyber security exercises may sound like an advanced activity but they offer value for all organisations seeking to prepare themselves for cyber incidents.  For organisations that deliver the UK’s critical national infrastructure however, and that fall within the statutory requirements of the NIS directive, they ar...

Objective assessment of existing security measures

Cyber security programmes are not cheap and in the modern business climate every pound spent needs to be justified.  There are two ways to test if your cyber security investments are delivering value. The first is to wait for a real incident to hit and to see how things pan out.  The second is to exercise and test those investments in ...

Cyber security can be confusing, particularly if you are engaging with the area for the first time.  One of the sources of confusion is the variety of products and services on offer that all seem the same or at least very similar.  Penetration testing (aka pentesting), red teaming and cyber exercising are three such services that can be easily confused. This article will aim to describe th...

The Network and Information Systems (NIS) Directive requires UK operators of essential services to manage their cybersecurity appropriately so that critical national services are not seriously affected in the event of a cyber incident.

The directive came into UK law on 10 May 2018 and was introduced alongside the General Data Protection Regulation (GDPR).  While GDPR addressed the priva...

Be clear about the objectives for the exercise, and what it is trying to test.  If you do this, and build the exercise around the objectives, it is much more likely to be successful.  This is the starting point for any exercise. Ask the question, “what am I trying to achieve and why?”. This then means you can measure the success of the exercise afterwards.

Set out ground rules at the ...

Ancient seafarers and accountants are not normally the subjects of cyber security related articles. This post will seek to address this oversight by considering how these two communities made use of the virtual environment to go about their business. By doing so we can take a broader perspective on what the virtual means to organisations today and how this translates into protecting agains...

TL;DR: Businesses looking to improve their cyber-security posture will often quickly find themselves overwhelmed by a market full of technically complex products and services, making it hard to know where to start. Cyber basics for business are about understanding what information the business has, what protection that information needs with reference to business operations, and applying a...

  • KNOWLEDGE BASE
  • Cyber exercising, red teaming and pentesting

  • You may have heard of red teaming or pen testing but what exactly is a cyber exercise and how is it different?