Aster Housing tests its Cyber Breach Readiness with Tabletop Assessment
Date: 20 April 2021
Aster Housing regularly conducts annual cybersecurity audits. However, this time around, it chose to host a Cyber Crisis Tabletop Exercise (CCTE) with Cyber Management Alliance instead of the more traditional audits it has been conducting in the past.
The Aster Group is well-known in the UK for providing a wide range of housing options to all income groups. It owns assets worth £ 1.6 billion. The group owns and maintains over 30,000 homes, providing services to more than 90,000 customers. Aster is on a rapid growth trajectory with plans to develop more than 11,800 houses in the next 7 years. With a business of this scale and ambitious growth targets, Aster Housing is naturally deeply invested in its security posture.
Neil Mallon, Technology Lead at Aster Housing, explained the rationale behind this choice: “Our previous audits have been more traditional in nature. They’ve been more focused on checking configurations, documentation, processes and procedures. They’ve all been very useful, but we needed something that’s more like a true demonstration of the capability of the business to actually respond.”
He further added that each year he has a discussion with the internal group auditors about how they can undertake the yearly audit. Essentially what it boils down to each year is the auditors, the risk committees and the execs all wanting assurance. They want to be confident that the business can do what it says in terms of cyber incident response in the best way possible.
Neil convinced them to give the cyber tabletop exercise a chance this year as he felt the organisation needed to get active and operational assurance. Further, one of the USPs of Cyber Management Alliance’s Cyber Crisis Tabletop Exercises is that it is followed up by a formal, comprehensive assessment report. The internal auditors of Aster Group found satisfaction in this fact as the report would give them something to put against the risk register.
Speaking of Aster Group’s experience with Cyber Management Alliance’s Cyber Crisis Workshop, Neil said, “This year’s audit was undertaken with people at the heart of the test – because you can have all the documentation and all the technology but if people don’t respond correctly then none of that necessarily matters. This year’s audit, then, was all about how people would respond in a crisis.”
"The CCTE and the corresponding audit conducted by Cyber Management Alliance was expertly delivered and has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now and our next focussed steps. We will be engaging CM-Alliance on an annual basis," Neil shared when asked for his feedback on the workshop.
“We tested how teams could respond and collaborate, including teams that don’t always work together day in and day out. And in Covid times, how teams could respond remotely. Overall, we felt we succeeded in the workshop and the results we got were a true reflection of our ability to respond. We have identified scenarios to focus on and we know what we need to remedy. Next, we are looking forward to engaging top level management in the participation,” Neil concluded.
If you are also interested in conducting a cyber exercise that truly tests your best defences and enables you to become more cyber resilient than ever, do check out more details about our Cyber Tabletop Exercises here.
Check this blog out to know more about the advantages of remote cyber exercises, the kind we conducted for Aster Housing.