Ransomware tabletop exercises and why you can’t ignore them

Date: 25 November 2021

Ransomware tabletop exercises enable you to test whether your business is equipped to deal with a ransomware attack and mitigate its impact. If you want to know why this is essential, sample these stats: every 15 seconds, a business somewhere is impacted by ransomware. This interval is expected to shrink to 11 seconds by the end of this year.

Since 2016, the US alone has seen 4,000 ransomware attacks on a DAILY basis. It's the most prominent malware threat globally and can bring a business to its knees for an average of 21 days. The only way you can offer your business any protection from this scourge is to prepare for such an attack in advance and then test your preparations in a simulated environment. 

The management of most organisations takes cognisance of the fact that ransomware attacks and cyber-attacks can and will come for them, harm their reputation, affect business operations and ultimately impact profitability. 

For those who still hadn’t acknowledged the massive threat that ransomware poses, the recent attacks on global giants like Colonial Pipeline, Acer and CNA Financial (which paid a ransom of a whopping $40 million) have been compelling wake-up calls.

The message is clear: If you want to protect business continuity and the brand reputation you’ve built so painstakingly, you need to have a plan to protect your business against ransomware attacks. You can also check out our Ransomware Checklist to ensure your business is adequately protected. 

You’ve got to train your staff in cyber incident response, work with your teams to create a ransomware response checklist, and test your incident response plans repeatedly in a simulated, high-tension environment.

Given the recent spate of crushing ransomware attacks that businesses of all scales and natures have had to face, we at Cyber Management Alliance strongly believe that this decade is going to be all about protecting against such attacks. The only sure-shot way to do so is conducting regular ransomware tabletop exercises by hiring experienced external practitioners who can give your team the kind of rigorous practice and pressure required to think lucidly when the attack does occur.  

How to really test your organisation's resilience against ransomware attacks? 

Organisational cyber resilience is built in two simple ways – (A) By creating an incident response plan which outlines what the IT & Security teams must do when your business is under attack. (B) By testing these plans over and over again just like airline pilots are made to do repeated simulations of various system failures that can occur while flying a plane.

The logic behind both these test practices is fairly simple – building muscle memory. You can have as many plans as you like, but if nobody knows what’s in them and how to carry them out, what good are these plans to begin with? Similarly, an airline can buy the most advanced aircraft technology and accompanying checklists. But if the pilots aren’t trained to rehearse these checklists under simulated environments that test their decision-making skills in case of a mishap, an unfortunate occurrence is inevitable.        

The idea here is not to create fear, panic or chaos but to drive home the point that ransomware tabletop exercises are now becoming critical for businesses like never before.  

What is a Ransomware Tabletop Exercise?  

A Ransomware Tabletop Exercise is a verbally-simulated exercise which emulates exactly what will happen if your business becomes the victim of a ransomware attack - which assets might be attacked, what the hackers might demand etc. 

During the cybersecurity tabletop exercise, attendees are encouraged to respond to the ransomware attack as they would if it were real. Their actions and decisions are then reviewed by the expert external facilitator, and discussions follow on how the response could have been better. The ransomware tabletop exercises also open discussions about vital aspects of ransomware breach readiness such as "Will you negotiate with the criminals?", "Will you pay the ransom?" etc.

Conducting a Ransomware Tabletop Exercise has massive advantages such as:

  • Helping business executives identify and understand what their critical assets are and what will happen if these assets are brought under attack. Our Ransomware Readiness Assessment gives more detailed insights into this aspect of your cyber resilience. 

  • Facilitating speedy decision-making with less scope for disputes about the next steps when a ransomware attack does occur. The ransomware tabletop exercise will ensure that the bulk of the questions that need answering have already been thrashed out and mulled over. Chances of chaotic disputes at the time of attack are mitigated with ransomware tabletop exercises.

    (You can also keep our Ransomware Response Workflow handy to avoid chaos and confusion when crisis strikes.)

  • Helping the business identify and understand the existing gaps in its Cyber Incident Response plan through a cost-effective exercise that causes minimum disruptions to its operations. 

  • Enabling attendees to understand that just paying the ransom may not be enough. In fact, in many cases businesses have not got their data back even after paying the amount demanded.   

  • Allowing participants to understand their own roles and responsibilities in case of an attack. The ransomware tabletop scenarios will also help them understand whom they should liaise and coordinate with in case of an attack. The detailed executive report following the tabletop exercise enables the management to know if certain sections of the staff need further training.

The scourge of ransomware is on the rise and there’s no denying it. Some estimates suggest that over USD 350 million was handed over in ransomware payments in the last year alone, not to mention the business reputations and, in many cases, daily services like gas supplies, healthcare etc. that have been impacted.

This trend is only likely to amplify as businesses become more heavily reliant on digital infrastructure with each passing day and cryptocurrency makes it increasingly easy for criminals to accept anonymous ransom payments.

What businesses can do is protect themselves by prioritizing cybersecurity and cyber resilience plans, and then repeatedly practicing, through tabletop exercises, what to do and how to behave when under a ransomware attack. They can enlist the help of professionals who have been in the line of fire before and leverage their experience and expertise to sharpen their own focus and conduct effective ransomware tabletop exercises.

Download our free resources that will help you start planning your own successful tabletop exercise for cybersecurity:  

1. Top Cybersecurity Tabletop Scenarios to Rehearse
2. Data Breach Tabletop Exercise Template
3. Cyber Tabletop Exercise PowerPoint

Want to take a serious next step in building your cyber resilience against ransomware attacks? Enroll in our popular Cyber Tabletop Exercise Training course, designed by the world's leading ransomware and cyber tabletop drill facilitator.
