As organisations across the UK prepare for the next decade of cyber defence, the reality is clear: attacks are moving faster, spreading wider, and exploiting the interconnected nature of modern environments. Cloud adoption, identity based access, and shared service providers have changed how incidents unfold, while AI is accelerating both defensive capabilities and adversary tradecraft.

In this live, interactive workshop, the CrowdStrike Incident Response team brings attendees inside a realistic cyber incident based on real world adversary activity observed across Europe. The simulation centres on a highly sophisticated China-nexus adversary compromising a managed service provider, triggering cascading impact across multiple customer environments. This attack pattern is increasingly common and highlights how thirdparty risk, speed of response, and decision making under pressure can determine the scale of disruption.

Participants will take an active role throughout the session. Using live audience polling on personal devices, attendees will vote on response actions at critical stages of the incident, from initial detection and containment through investigation, communication, and recovery. Each decision directly influences how the scenario evolves, revealing how modern attacks adapt in real time and how seemingly small choices can significantly alter outcomes.

Designed for both technical practitioners and security leaders, this workshop cuts through complexity to deliver practical insight into incident response realities. Attendees will leave with a clearer understanding of how today’s attacks progress, what effective response looks like in high pressure situations, and how organisations can prepare to act decisively when it matters most.