Australian Cyber Security Centre (ACSC) has launched a free online tool to help prepare small and medium enterprises (SMEs) in the event of a cyber incident.
The ACSC's ‘Exercise in a box’ tool will guide a company through a range of cyber security exercises that can help in cyber preparedness and increasing resilience to cyber-attacks.
Additionally, it also includes a post-activity report function that will help triage the findings to make meaningful changes to a company’s cyber security posture.
The tool was initially developed by the UK’s National Cyber Security Centre (NCSC) and was further adapted for use in the Australian ecosystem.
Through our partnership with @NCSC we launched the ???????? version of #ExerciseInABox.This free online tool helps small to medium businesses exercise their cyber readiness, understand the risks, and improve their cyber resilience. Try our new tool at https://t.co/LD9C4DQwTx pic.twitter.com/D9rnH9jdTb
— Australian Cyber Security Centre (@CyberGovAU) November 16, 2022
Salient features
The ‘Exercise in a box’ tool is an all-in-one platform that helps an organisation assess and improve its cyber security practices.
It employs an exercise-centred approach which includes discussion-based exercises, micro exercises and simulation exercises
Exercises start by introducing an event, which could be for example an organisation’s IT being attacked, these events are referred to as ‘injects’.
Subsequently, the exercise continues by asking a set of questions relating to the ‘inject’.
Exercise in a Box does not require users to enter a simple answer to these questions; they are intentionally worded in order to solicit discussion. One will often find there is no simple answer.
SMEs a target
In its annual cyber threat report, ACSC assessed that medium size businesses had the highest average loss per cybercrime where a financial loss occurred.
The rise in the average cost per cyber incident is more than $39,000 for small businesses, $88,000 for medium businesses and $62,000 for large business
While global trends indicate a decline in ‘big game’ targeting and a shift towards targeting small and medium-sized businesses, that change has yet to be seen in Australia.
Cybercrime reports and average reported loss by organisation size for financial year 2021–22: ACSC.