Cyber Tabletop Exercise - 5 Requirements for an Effective Workshop
Date: 21 April 2020
Cyber tabletop exercises must be on your radar in 2020 and there’s no two ways about it. Find out what makes a normal cyber response test a really good and effective cyber tabletop exercise.
The current pandemic and global crisis have demonstrated two things:
- Any plans, cyber or not, are pretty much useless, unless they are tested over and over again.
- You have to think 'way, way out-of-the-box' when planning your attack scenarios. Apart from the South Korean movie and a multi-decade-old book, no one predicted the Covid-19 catastrophe.
This blog is not about designing crystal balls to gaze into the future. We are focussing on testing your response plans. Importantly, when it comes to testing your cyber response plans, regulators across the globe are demanding that companies conduct regular cyber tabletop management exercises to demonstrate that they are prepared to prevent loss of critical data and to protect citizens’ privacy.
It's easy to conduct a test of your cyber response plans, but it takes effort and planning to conduct an effective cyber tabletop exercise that validates the plans and builds participant muscle-memory. Let's take a look at what you should demand from your cyber response scenario tests.
5 demands that you should make for a successful cyber crisis management exercise
- An experienced facilitator: Holding the attention of top executives or deep-techies for 2-4 hours isn’t an easy job. The facilitator has to not only be adept at hosting an interactive and engaging session, they also have to be experienced enough for others to find intense value in what they have to say. Make sure you find yourself a cyber-specialist who has experience in conducting cyber tabletop exercises, is an authority in cybersecurity with practical, real-world experience and can engage both technical and executive audiences.
- An exercise built on facts: Demand that the facilitator (typically the CISO or the BCP manager) and those in their team have all the facts about the organisation before hosting the exercise. Unless they are aware of what your critical data is and where your crown jewels lie, they won’t be able to draw out a compelling exercise based on believable scenarios for your business.
- A 'real' scenario: Speaking of scenarios, it’s imperative that the cyber tabletop exercise is based on a scenario that is actually relevant to your organisation. It shouldn’t be flimsy. (No, please don't say 'we are running a phishing scenario'; that’s not good enough.) In fact, it should be so real that it jolts the participants into attention and makes them a little worried!
- Carefully chosen participants: Work with your facilitator and identify the key executives in your organisation who must, mandatorily, attend the cyber tabletop workshop (also referred to as a cyber incident response test). This list of attendees must include employees responsible for making critical decisions at the time of crisis, heads of departments, key management reps from departments like HR, communications, legal, marketing and of course, technical staff who know the systems and processes well.
- A formal report: Insist on receiving a formal report at the end of the exercise. This should assess the effectiveness of your incident response plans and related processes and it should provide an accurate score of your business’s breach readiness. You can then work on your weak areas and enhance your cyber resilience.
At CM-Alliance, we have the expertise, the experience and requisite skills to support you in hosting a productive and effective cyber crisis tabletop exercise. We work with you on planning, creating scenarios, producing the scripts and artefacts and running the actual workshop. We can run a complete cyber tabletop exercise virtually using Zoom, Microsoft Teams or Google's Meet (previously known as Hangout).
Importantly, we will present you with a formal audit report of the exercise. It provides important data, including a cyber breach-readiness score that gives a good indication of how ready you are to respond to a specific cyber-attack scenario.