Cybersecurity tabletop exercises and why you can’t ignore them in 2020

Date: 6 March 2020

With the increasing frequency of Travelex-like, business-impacting crises, top executives of organisations are taking notice and rushing to ensure that they have cyber incident response plans to deploy when hit by a cyber crisis.


The management of most organisations takes cognisance of the fact that cyber-attacks can and will harm their reputation, business operations and profitability.  

The recent cyber-attack on Travelex is another, amongst several, wake-up calls for business executives. As a direct result of the attack, in which the criminals claimed to have stolen 5 GB (a significant volume) of sensitive customer data, Travelex took almost all of its IT systems offline and its staff were forced to fall back on pen and paper. It didn’t stop at the stationery: the company also had to halt currency sales at banks and supermarkets.


The question is: Is this enough?

Having an incident response plan is commendable and essential but if nobody really knows what’s in the plan, what purpose does it even serve? 

We, at Cyber Management Alliance Ltd, believe that 2020 is the year when businesses will actually have to test their cyber incident response plans and find out whether they even work. Organisations are going to have to prepare for the worst and practise for it too! Read on to find out why…

How to really test your plans and build a cyber-resilient business? 

There are two aspects of cyber crisis management that every business must focus on in order to become cyber-resilient. The first is creating playbooks and plans setting out what the IT security team and its allies will do in the event of an attack.

However, if they are not practised and rehearsed over and over again, these plans and procedures are about as much use as an uncharged mobile phone that has never been taken out of the box. That brings us to the second, and the most vital, exercise that you must conduct to validate your existing cyber incident response plan: we call it a 'Cyber Crisis Tabletop Exercise', or CCTE for short.

What is a Cyber Crisis Tabletop Exercise?  

In its simplest description, a Tabletop Exercise is a verbally-simulated scenario which can have a serious business impact if it were to occur in real life. During the exercise, attendees are encouraged to actually respond to the scenario as they would do if it were real. They then review their actions and discuss how things could have been handled better. These scenarios are organisation-specific and are highly interactive, enabling tangible cross-departmental collaboration and communication.   


Conducting a Cyber Crisis Tabletop Exercise has massive advantages such as:

  • Helping the business identify the gaps in its Cyber Incident Response strategy in a highly cost-effective way, without causing any disruption to production systems or to the business in general.
  • Showing attendees that simply containing the attack and getting the business back in action isn’t enough. You also need to focus on communications and stakeholder management to protect your business reputation and customer trust.
  • Enabling people to better understand their individual roles and responsibilities in the event of an attack, and how and with whom they should liaise. It also facilitates better coordination within teams and between different departments, and lets management assess whether any particular group of staff needs more training in dealing with a cyber crisis.
  • Facilitating speedy decision-making, with less scope for disputes about the next steps, when an attack does occur.


Regulatory Obligations  

With a lot of countries worldwide acknowledging the fact that cyber resilience is critical to business continuity and economic stability, regulators are making it mandatory for businesses to comply with certain specific regulatory standards pertaining to cybersecurity and cyber crisis management.      


  • The North American Electric Reliability Corporation, for instance, stipulates in its Critical Infrastructure Protection standard CIP-008 (Requirement R2, Part 2.1) that each Cyber Security Incident response plan must be tested at least once every 15 calendar months. The standard allows this to be done by responding to an actual Reportable Cyber Security Incident, with a paper drill or tabletop exercise of a Reportable Cyber Security Incident, or with an operational exercise of a Reportable Cyber Security Incident.

  • In the UAE, the National Electronic Security Authority (NESA) mandates that a variety of techniques be employed to prove that an Incident Response plan will actually be effective in real life. NESA’s standards state that such techniques should include “Tabletop testing of various scenarios”, and add that “Simulations (particularly for training people in their post-incident/crisis management roles)” must be conducted on a regular basis.

These are just two of many examples of regulators worldwide, especially those overseeing nation-critical infrastructure sectors, that now require businesses to demonstrate that their cyber incident response strategies will actually work in the event of an attack, and that sensitive data belonging to the nation or its citizens will not be compromised.

Conclusion

As more and more regulators worldwide are becoming increasingly stringent about compliance standards and as cyber threats continue to evolve at an earth-shattering speed, it makes complete sense for all organisations to consider conducting a Cyber Crisis Tabletop Exercise in-house. Just having plans and checklists is no longer enough, from a compliance perspective or from a business resilience perspective. 


Those plans have to be tested, the checklists have to be pulled apart, and people have to be put under real pressure. It is the only reliable way of ensuring that when a crisis does hit, the plans, and the people executing them, perform as intended.

If you’d like more information on our Cyber Crisis Tabletop Exercises click here or call us on +44 (0) 203 189 1422 or email us here. 
