Cybersecurity: This free tool lets you test your hacker defences

NCSC initiative is based on real hacking scenarios and looks to bolster the cybersecurity of businesses.
Written by Danny Palmer, Senior Writer

Organisations will be able to test their ability to deter hackers and cyberattacks with a free new tool designed to prepare them against online threats including malware, phishing and other malicious activities.

The online tool for testing cyber fitness has been designed by experts at the National Cyber Security Centre (NCSC) – the cyber arm of the UK's GCHQ intelligence service – and is designed to boost resilience to cyberattacks based on real-life hacking scenarios.

The tool, known as Exercise in a Box, has been tested by government, small businesses and the emergency services and aims to help organisations in the public sector and beyond to prepare and to defend against hacking threats.

"This new free, online tool will be critical in toughening the cyber defences of small businesses, local government, and other public and private sector organisations," said Cabinet Office Minister David Lidington, who revealed the tool in a speech in Glasgow, Scotland at CYBERUK 19, the NCSC's cybersecurity conference.


Exercise in a Box provides a number of scenarios based on common threats to the UK that organisations can practice in a safe environment.

It comes with two different areas of exercise – technical simulation and table-top discussion. It's hoped that this tool will provide a stepping stone towards the world of cyber exercises.

"The NCSC considers exercising to be one of the most cost-effective ways an organisation can test how it responds to cyber incidents," said Ciaran Martin, CEO of the NCSC.

"By practicing your defence and response mechanisms, you can understand how effective they really are and where there are areas for improvement. We're committed to building the UK's cyber resilience and continuing our work to make the country the hardest possible target for our adversaries," he added.

By running Exercise in a Box, organisations will be able to examine their current defences and response mechanisms, and test their existing policies and procedures. It's also designed to improve how users discuss cybersecurity issues and identify areas where they can further improve their defences.

In future, the initiative will also be updated to include more complex scenarios across organisations of all sizes and in different sectors. Organisations that want to sign up for Exercise in a Box can do so on the NCSC's website.

Lidington told the audience that the government has made "considerable progress" when it comes to boosting the UK's cybersecurity, but admitted more has to be done to help people understand threats and how to protect against them.

"We've also got to demystify cybersecurity for the average citizen. We need to get away from the outdated image of wargames, and begin thinking more about botnets and malvertising," he said, adding "There remains a deep lack of awareness about these threats."

Describing how some board members still view cybersecurity as a problem for IT, Lidington argued that this is the wrong approach "when cybersecurity needs to be everyone's responsibility," pointing to how a failure to understand issues can lead to much bigger problems, such as the way the NHS and others were impacted by the global WannaCry ransomware outbreak.

"We saw from WannaCry in particular, how a low level lapse in cybersecurity can risk a compromise of a much wider network," Lidington said.

