That’s why Hack The Box has redefined the idea of ​​TTX, using its expertise developed by working with government, enterprise, corporations, academic institutions, as well as the largest community of ethical hackers worldwide, to create dynamic, realistic scenarios for the crisis. Preparation tailored to specific organizations and their objectives.

This expertise is now aided by generative AI. “Hack The Box uses its own AI technology to extract information from various publicly available sources, such as news articles, to create scenarios based on current trends and relevant industry developments. This ensures that the scenarios created are timely and reflect what is happening in the world today,” explains Plarinos. “The exercise is as if you had a real crisis in front of you.”

Throughout the simulation, the Crisis Control manager plays a key role in managing the flow and effectiveness of the simulation, ensuring the exercise remains aligned with the team’s learning objectives and real-life situations, and using the trained AI model to customize and expand the narrative. instantly creating an extensive conversation with a simulated attacker to represent cybercriminals during text-based ransomware conversations.

“If you observe that participants are not fully engaged (such as underestimating the situation or losing focus), you can introduce more critical, high-risk elements that are directly relevant to them, thus creating a higher sense of urgency,” explains Manos Gavriil, Hack VP of Content at The Box.

Not just technical concerns

The purpose of Crisis Control is to extend preparedness planning beyond the technical team; These are a big part of the simulation though. “A major cyberattack on a company raises two sets of questions,” says Lucas Kello, Associate Professor of International Relations at the University of Oxford and Director of the Center of Academic Excellence for Cybersecurity Research. “First, there are technical questions; What is happening around the network, is your data safe, which systems have been compromised? It is the security team’s responsibility to resolve these issues.”

However, Kello notes that there are other considerations beyond the technical field. “These broader ‘meta’ challenges are organisational, legal, regulatory and sometimes ethical in nature,” he says.

When trying to stop an attack and uncover damage, companies also need to understand how to apply the relevant regulatory standards: who should be assigned internally (e.g. compliance teams, legal teams, or both) and what external authorities (if any) should take action on the matter. must be informed or consulted and much more. “This is where Crisis Control shines: bridging the gap between the technical team and management and the business,” explains Kello.

Fire drill for cyber attacks

Following the simulation, a post-mortem is performed to identify key pain points and steps to take moving forward. Participants will not finish their work as experts in red teaming and blue teaming, but they will gain a deeper understanding of how major technical events relate to their priorities and put processes in place in the event of a crisis.

“When you create clear rules and procedures, they come into play immediately in a real crisis, eliminating confusion and ensuring everyone both inside and outside the organization knows what standards to apply and who to consult,” adds Kello.