The Australian Cyber Security Centre (ACSC) has created a free virtual service to assist small and medium-sized enterprises (SMEs) in preparing for digital breaches. Exercise in a Box takes users through cyber security tasks, furnishing all the materials required to strategise, create, and deliver the activities to companies. A post-session analysis feature allows you to record any revelations made during the task and incorporate them into your cyber security posture.
The ACSC Annual Cyber Threat Report for July 2021 – June 2022 revealed that medium-sized enterprises had suffered the most significant average detriment from cybersecurity incidents. It resulted in monetary loss with an increase of more than $39,000 for small companies, $88,000 for mid-sized firms and $62,000 for large organisations.
Australian Cyber Security Centre (ACSC) has launched a free online tool to help prepare small and medium enterprises (SMEs) in the event of a cyber incident.
Exercise in a Box guides users through cyber security exercises and includes everything you need to plan, set up and deliver the exercises to your organisation. It also includes a post activity report function that allows you to capture any findings you make during the exercise and use these findings to make meaningful changes to your cyber security posture.
Exercises start off inviting an event similar to an attack on an establishment’s IT system known as ‘injects’. These questions connect with said ‘inject’ and ask for something more than a clear-cut solution; intentional word choice sets off dialogue between participants. This web tool will continue advancing with time to remain timely, applicable and unique.
The online tool will keep evolving to stay current, relevant, and engaging.
By thinking about what aspects of cyber threat management you would like to explore, these exercises will help identify cyber security practices that can be employed at a low cost and provide a solid foundation for cyber security management.
- A ransomware attack is delivered by a phishing email.e
- Mobile phone theft and response.
- Being attacked by an unknown Wi-Fi network.
- Insider threat leading to a data breach.
- Third-party software compromise.
- Bring Your Own Device (BYOD).
- A threatened leak of sensitive data.
- Supply chain risks.
- Home and remote working.
- Managing a vulnerability disclosure.
- Supply chain software.
- Supply chain ransomware attack.
Micro-Exercises
- Responding to ransomware attacks.
- Identifying and reporting a suspected phishing email
- Using passwords.
- Connecting securely.
- Securing cloud productivity suites.
- Securing video conferencing services.
Simulation Exercises
A simulation exercise mimicking a cyber threat present on an organisation’s network.
