Date: 27 March 2020
Cyber Tabletop Exercises help you test and evaluate the efficacy of your well-laid plans in a real-world situation.
You have to ask yourself, when your organisation is under a cyber-attack will your untested response plan actually work? The only way to find out is to assess your plan with a successful Cyber Tabletop Exercise. Note the emphasis on the word successful?
That’s because very often, a Cyber Tabletop Exercise, conducted with the best intentions, will fail to deliver. Here are some of the most common reasons why -
-
- Flimsy scenario: The scenario on the ‘menu’ is either a phishing email followed by the ‘usual ransomware attack’ or a combination of phone and email business-email-compromise (BEC) attack. Furthermore, cyber response workshops often lack the detail and are not real-enough and scary-enough to put pressure on your team to act the way they will in case of a real attack. Conducting a lackadaisical exercise with a flimsy scenario yields no results.
- Apathy of Internal Staff: A common sentiment we often see is lack of attentiveness and little credence in the internal staff tasked with running the incident response workshop. The cause of this lethargy can include, but is not limited to :
- Existing political and/or ideological differences between the host and the attendees.
- Host having insufficient experience in hosting a workshop along with little practical ability to constantly engage the audience.
- The presumption that the host is pursuing his/her own agenda during the cybersecurity tabletop exercise.
- Inexperienced Host: Hosting an engaging and interactive cyber tabletop workshop requires a certain set of skills and ability along with years of practice and experience. This is especially true when you have to ‘hold’ a group of easy-to-lose-attention-executives for two to three hours and keep them engrossed in what is often seen as a dry and complex topic. Where the host is inexperienced he/she may be unable to speak openly and objectively due to being an internal staff member and hence face the obstacles discussed in point number two.
- Unprepared: Put simply, the majority of in-house cyber tabletop exercises are run without much preparation and attention to detail. Often, the exercise is cobbled together with a few cyber tabletop PPT slides, notepads and pencils; and calendar invites are sent without further explanation.
- People around a table: The cyber 'tabletop' moniker is often misinterpreted as unexciting and dreary resulting in further indifference by workshop attendees.
- Flimsy scenario: The scenario on the ‘menu’ is either a phishing email followed by the ‘usual ransomware attack’ or a combination of phone and email business-email-compromise (BEC) attack. Furthermore, cyber response workshops often lack the detail and are not real-enough and scary-enough to put pressure on your team to act the way they will in case of a real attack. Conducting a lackadaisical exercise with a flimsy scenario yields no results.
Oh wait! One more. The Executive Mandate: As in all other initiatives that require maximum participation, the lack of executive directive is a major reason most cyber incident response workshops are plagued with poor attendance. No leadership, no imperative equals poor attendance.
It is our opinion and experience that cyber tabletop exercises can actually be a lot of fun and give engaged participants quite the adrenaline rush as they ape a high-pressure real-world scenario. Attendees must be given an appropriate understanding of the concept before-hand for the success of the exercise.
If you’d like more information on our Cyber Crisis Tabletop Exercises click here or call us on +44 (0) 203 189 1422 or email us here.
