What is it?
Since the pandemic started, working from home has become a major part of working life. Even as the pandemic recedes, many organisations continue to work from home or have adopted hybrid working.
While working from home is convenient and has many benefits, it exposes individuals and organisations to various cyber security threats. Considering the risks posed, it is advised that organisations adhere to the best possible practices to mitigate the most common threats.
This scenario is split into three injects containing multiple discussion points. This will allow organisations to review and refine their standard practices when working from home.
The aims of this scenario are as follows:
- Understand the controls that your organisation currently has in place to support home and remote working.
- Understand how collaboration services are managed and controlled by your organisation.
- Think about acceptable discussions or information that can be shared using collaboration platforms.
- Determine if effective monitoring measures are in place.
- Explore how your organisation detects and handles a security incident that has originated from a remote workstation.
Why do it?
Understanding both the benefits and additional cyber security risks that home and remote working can bring to an organisation is vital. If there is an urgent requirement to step-up home and remote working, then there is the potential that your organisation’s IT services will be accessible to people other than your remote workforce. Additionally, sudden requirements and demand on infrastructure could increase your organisation’s attack surface, providing attackers with more potential avenues to exploit.
It is important for organisations to conduct cyber exercising to enable them to prepare for a potential cyber attack within their business and mitigate that threat as much as possible. Additionally, please remember that Exercise in a Box is a safe environment for every participant, so please do not feel like you cannot say anything.
Hackers have utilised many attacks over the course of the pandemic. The attack vectors include:
- Cyber Fraud
- Insider Threats
- Scams (Phishing, Vishing)
Some of the benefits and key takeaways of cyber exercising include:
- Understanding actual versus perceived capabilities of people and technology.
- Deciding where to invest budgets in training or new technology.
- Building muscle memory and reducing stress for security teams and management.
- Improving morale and team building.
- Meeting regulatory requirements.
Who is it for?
Exercise in a Box is aimed at any organisation, large or small, aiming to increase its cyber knowledge and perception. Working from home and its possible implications affect every organisation in some shape or form. It is advised that businesses bring a diverse team with them and not just the IT department. This will ensure that more of the company is educated and not just a small part of it.