NCSC launches pen testing service for remote workers
An expansion to the successful Exercise in a Box toolkit will enable SMEs to probe the cyber security defences of remote workers
Small and medium-sized enterprises (SMEs) struggling to keep on top of cyber security threats to remote workers during the Covid-19 coronavirus pandemic can now take advantage of a National Cyber Security Centre (NCSC) service which launches today as part of its successful Exercise in a Box toolkit, designed to help SMEs without dedicated security resources prepare for a cyber attack.
The addition of a Home and Remote Working exercise to the existing package of penetration testing exercises is the latest in a series of measures the NCSC has taken since the outbreak of the pandemic to support business security in the new normal.
Like the other elements of Exercise in a Box, the latest module takes the form of a realistic role play scenario an SME might face, allowing them to practice and refine their response, as well as educate their users.
“We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that,” said NCSC’s deputy director for economy and society engagement, Sarah Lyons.
“While cyber security can feel daunting, it doesn’t have to be, and the feedback we have had from our exercises is that they’re fun as well as informative. I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyber attacks.”
The module focuses on three key areas: enabling safe network access for remote workers; putting in place appropriate services for secure employee collaboration; and putting in place processes to manage a cyber security incident remotely.
Sarah Lyons, NCSC
Some of the other scenarios that have proved popular in the year since the wider service first launched have centred on dealing with ransomware attacks, losing devices, and an attack simulator that safely and legally imitates a threat actor targeting the organisation.
The exercises include guidance and discussion prompts for staff members about security processes, and basic technical knowledge that could help enhance their day-to-day practices. At the end of each exercise, an evaluation summary is provided to outline next steps.
“Exercise in a Box is just like the monthly fire alarm test or evacuation drill – it’s part of the preparation for a real event – and the best way to learn and improve on anything is by doing it,” said a spokesperson for Eventura, a managed services and business systems firm that has already gone through some of the drills.
“It’s a fantastic tool that’s free, well thought out, easy to use and can help improve an organisation’s security posture – what’s not to love in that?”
Read more about penetration testing
- The crowdsourcing security company Bugcrowd has launched a ‘Classic’ pen test service to offer enterprises a more cost-effective and efficient way to test their cyber security posture.
- With pen testing, you uncover software’s vulnerabilities before hackers do. Use this overview of the practice to learn about tooling options, test types, use cases and common flaws.
- Writing a pen testing report might not be the most fun part of the job, but it’s a critical component. These tips may help you write a good one.