Types of Cyber Tabletop Exercises You can Host
Date: 8 September 2020
To ensure that your business is safe at all times and your crown jewels are protected against malicious activities, you need to have a solid cyber incident response plan and you also need to test that plan regularly with a cyber tabletop exercise. But what exactly are cyber tabletop exercises and which types of cyber tabletop exercises can you host in your organisation? This blog covers all these topics and more.
So what exactly is a cyber tabletop exercise? Also known as a cyber disaster recovery tabletop workshop or a cyber incident response test, this exercise aims to evaluate every aspect of your organisation’s preparedness in case of a cyber-attack.
From the technical responses to the tactical ones, the effectiveness of all of them is put to test by an experienced facilitator who will throw multiple cyber crisis scenarios at the participants of the exercise with the objective of showing the organisation the gaps and loopholes that it must plug in its cyber response strategy. You can download our Cyber Crisis Tabletop Exercise Checklist to start preparing for your own incident response test.
Types of cyber crisis tabletop exercises that you can host & practise with:
- Malware Attack: A malware attack is one where hackers infiltrate a device with malicious software. The objective of such an attack is gaining access to personal/sensitive information. It can also be intended to destroy the device with a financial target behind it. As malware attacks are very common to businesses of all sizes and across verticals, it is imperative to host a cyber tabletop exercise that uses a malware attack as its primary scenario.
- Ransomware Attack: A ransomware attack is a type of malware attack that blocks users' access to their own system and information. It is typically accompanied by a message that warns of data theft and leakage or system blockage until the ransomware amount is paid. A ransomware attack can create a very high-pressure and challenging situation for any Security team as well as for the management and thus it must be rehearsed at the time of a cyber tabletop workshop. At Cyber Management Alliance, we run a specific Ransomware Tabletop Exercise, which has been curated in view of how quickly ransomware attacks are growing in number, scale and complexity.
You can also amplify your efforts to prepare for a ransomware attack with our Ransomware Checklist. Keep our Ransomware Workflow and Ransomware Response Checklist handy for when you are actually under attack.
- Unauthorised access: As the name suggests, this type of a cyber tabletop exercise will revolve around a scenario where any entity accesses an organisation's network, data or endpoints without the requisite permissions. This is a very common example of a network security or data breach and thus an organisation must be fully equipped to deal with such a scenario should it arise.
Focus areas for a successful cyber crisis workshop
Do keep in mind that just running these exercises is not enough. To ensure that they are successful and yield the desired results for your business, adequate preparation has to be done before the exercises are conducted. This preparation includes enlisting the business critical assets and the risks posed to them. It also involves ensuring that the exercises have the right focus areas covered.
1. Threats and Scenarios: It is imperative for a successful tabletop exercise that participants understand the difference between a threat and an incident response tabletop scenario. A scenario typically refers to a series of activities that intend to compromise a business critical asset.
In a cyber tabletop workshop, the facilitator will often create a scenario that is relevant and potentially very dangerous to the business. The exercise will include emphasis on questions like who the threat actor in the scenario is, what is their intent and what will they do once they have managed to successfully compromise the system. An exercise based on threats and scenarios is vital to understanding the risks the business in question is at and if the cyber incident response plans of the organisation are foolproof enough to combat these risks effectively.
2. Threat Actors: Every cyber tabletop workshop will focus on unraveling the various threat actors that a business could be compromised by. A highly effective example of a cyber disaster recovery tabletop exercise is one where the facilitator enlists different possible threat actors (such as an insider, a privileged user, a cyber criminal with malicious intent, a hacktivist etc.) and the participants are cajoled into assessing the impact that these threat actors could have on the business and test their processes keeping the threat actors and their possible intent in mind.
3. Critical Assets: A compelling example of a type of cyber tabletop exercise is one where the critical assets of the business are compromised. In this exercise example, participants are forced to confront the business impact of an attack on their crown jewels and re-assess their plans for protecting these assets and mitigating the blow on the bottom-line. It is essential for business continuity that there is a solid plan for ensuring the safety of business critical assets and responding swiftly to any possible attack on these assets.
Cyber Management Alliance is well-equipped to cater to the remote cyber crisis tabletop exercise requirements of organisations of every size and nature. We work with you on planning, creating scenarios, producing the scripts and artefacts and running the actual workshop. We can run a complete cyber tabletop exercise virtually using Zoom, Microsoft Teams or Google Meet.
Importantly, we will present you a formal audit report of the exercise that provides you with important data including a cyber breach-readiness score that provides a good indication about how ready you are to respond to a specific cyber-attack scenario.