The Scottish Business Resilience Centre (SBRC) has updated the UK official National Cyber Security Centre’s (NCSC) ‘Exercise in a Box’ programme to include scenarios specific to security breaches involving third-party providers and what this might mean for a business.
As the SBRC says, a breach can not only affect the business attacked, but a wider supply chain. The online nature of business means that “digital supply chains” are becoming larger and more complex, making it more difficult for other businesses in the chain to ensure they are protected when they don’t know what cyber processes and procedures other businesses might have, the Centre says.
The new ‘Supply Chain’ scenario joins ‘Ransomware Attack’ and ‘Working from Home’ in the collection of scenarios designed to ensure businesses can test their responses to a cyber breach, safely, without risk of actual damage. The SBRC has been running these workshops for business across Scotland since late 2020 and has to date trained more than 250 businesses.
In free, 90-minute supply chain workshops, attendees can identify how their organisation relies on the security of third-party suppliers and consider how to include minimum security standards in their procurement process. Specific examples can help attendees test the effectiveness of their solutions and discuss other approaches.
Jude McCorry, CEO of the SBRC, pictured, said: “Businesses are relying on third-party suppliers more than ever, creating a ‘digital supply chain’ that intertwines a range of businesses across sectors. The chain has grown to include organisations who provide services such as online tools, cloud-based products, desktop software and hardware. Businesses are so entwined that an attack on one company in the chain can have a domino effect and impact many people and businesses. This new scenario will help organisations – whether in the public, private or third sectors – to manage the fallout from a range of cyber attacks, including when they suffer an indirect breach via an external organisation.
“Organisations are under significant stress these days, from cyber attacks to changing work patterns due to the pandemic testing their resilience. To help relieve that stress, the Exercise in a Box workshops focus on specific scenarios to force attendees to really consider how they would react in a variety of situations and learn about others’ thought processes and approaches. It is the safest way to test their resilience and help ensure Scotland is one of the most secure countries to do business.”
The SBRC delivers Exercise in a Box workshops virtually to businesses throughout Scotland with input from Police Scotland and others. It is hoped that up to 200 business will sign up to attend the sessions over the next nine months.
The workshops, which will continue until March 2022, have specific sessions to the supply chain scenario on these dates:
Tuesday 27 July;
Thursday 29 July;
Tuesday 17 August; and
Thursday 19 August.
More about Exercise in a Box workshops – which are now being delivered via either Zoom or Microsoft Teams – on the SBRC website.