Year 9 – Cybersecurity Teacher instruction sheet

Lesson 6 – Under Attack

Save a copy

Activity 1: Under Attack

This is a game in which the learners are placed into groups and have to defend
themselves against cyberattacks. They take on the role of network managers for an
online retailer and they have to spend their budget wisely on protecting their network
against incoming cyberattacks.

How to set up the game

● Place the learners into groups. Each group should have no more than four
members.
● Each group will need a full set of Attack Cards.
● Print out a full set of Protection Cards; they should be kept with the teacher until
they have been purchased.
● Print out a full set of incident cards. Each group will eventually collect three
incidents each. There are nine incidents in total, so if there are more than three
groups, more copies of the incidents will be needed.

How to play the game

The rules are also on the slide deck.

Step 1: Tell the groups that they are the network managers for an online retailer and
their job is to protect the network and the website from cyberattacks.

Step 2: Tell the groups that their first task is to decide how they will spend their initial
budget of £20,000. Ask one member of each group to come to the teacher to buy their
protection cards. They don’t have to spend £20,000, but they can’t exceed this amount
for the first round.

Step 3: Give each group a random incident card. They now have three minutes to work
out which type of attack it is. They must look through their attack cards to pick the
appropriate card that relates to the incident. Their next job is to decide between them
whether or not the attack was a success or whether the protection methods they
purchased would have thwarted the attack.

Step 4: Once the time is up, ask each group to take turns explaining to the class what
the incident was, what attack type they think it is, and whether or not they had adequate
protection in place. If the teacher and class agree that they have identified the correct
attack they get a point; they get an additional point if they had the correct protection in
place.
Page 1 Last updated: 07-02-20
Year 9 – Cybersecurity Teacher instruction sheet
Lesson 6 – Under Attack
Save a copy

Step 5: Tell the groups that they now have an additional £20,000 to spend on extra
protection methods. Ask a member of the group to purchase the cards from the teacher
as before. Repeat steps 3 and 4.

Step 6: Repeats steps 5, 4, and 3.

Step 7: Declare the winners.

Step 8: Discuss which possible protection methods were mentioned the most. Two-factor
authentication and anti-malware were used the most in the scenarios below.

Answers

The table below shows all the incidents and what attack type each incident is, as well as
possible solutions. Use this as a guide, but it is important to also allow the groups to
justify why they think their protection method would be effective.

Incident Attack type Possible protection

methods

Phone call (employee gets a phone call Blagging Two-factor authentication

pretending to be from IT support; the
fake technician asks for their login details
so that they can update the security on
their account)

An employee has clicked on a link in a Ransomware Anti-malware, upgrade all

suspicious email, and now there is a software on network,
strange message on the screen asking regular backups
for money

The customer login page on the website DDoS Pay the Internet Service
is receiving a huge number of requests Provider to regulate the
from lots of IP addresses. The server amount of Internet traffic
can’t cope and is in danger of shutting allowed through to the
down; this will take the website offline server at any one time

Multiple attempts are being made to log Brute force Two-factor authentication,
in to the account of the chief executive of CAPTCHA, firewall,
the organisation; they are currently in a secure password policy
meeting without their computer

A member of staff has brought in work Virus Anti-malware, anti-virus,

they have been doing at home on a regular backups (this
memory stick; something has happened wouldn’t clear the virus, but
and all their files on the network are could help to restore

Page 2 Last updated: 07-02-20

Year 9 – Cybersecurity Teacher instruction sheet
Lesson 6 – Under Attack
Save a copy

starting to disappear damaged files)

The company’s social media accounts Hacking Two-factor authentication

are starting to send out messages about
how the company doesn’t pay enough
tax

An employee was searching for new Adware Anti-malware

clothes to buy online during their lunch
break; now, every couple of minutes,
adverts for the clothes they were looking
at keep popping up on the screen

An employee reported that they logged Spyware Anti-malware, two-factor

in from home yesterday and when they authentication
arrived in work today, files are missing
and changes have been made to the
customer accounts that they had access
to

Hackers are attempting to access the Hacking Firewall

company accounts system in order to
transfer money out to an unknown bank
account

Page 3 Last updated: 07-02-20

Year 9 – Cybersecurity Teacher instruction sheet
Lesson 6 – Under Attack
Save a copy

Attack cards:

Page 4 Last updated: 07-02-20

Year 9 – Cybersecurity Teacher instruction sheet
Lesson 6 – Under Attack
Save a copy

Incident cards:

Page 5 Last updated: 07-02-20

Year 9 – Cybersecurity Teacher instruction sheet
Lesson 6 – Under Attack
Save a copy

Page 6 Last updated: 07-02-20

Year 9 – Cybersecurity Teacher instruction sheet
Lesson 6 – Under Attack
Save a copy

Protection cards:

Page 7 Last updated: 07-02-20

Year 9 – Cybersecurity Teacher instruction sheet
Lesson 6 – Under Attack
Save a copy

This resource is available online at ncce.io/cybs-6-a1-d. Resources are updated regularly — please check
that you are using the latest version.

This resource is licensed under the Open Government Licence, version 3. For more information on this
licence, see ncce.io/ogl.

Page 8 Last updated: 07-02-20