Date: 27 April 2021
Given the complex cybersecurity challenges created by the Covid-19 pandemic, it has become imperative for organisations to regularly test their cyber resilience, security solutions and incident response plans. The people, especially the board and senior management, of any company plays a huge role in ensuring that it is prepared to combat security breaches and security risks. Therefore, Waverton Investment Management decided to conduct an cyber crisis tabletop exercise with Cyber Management Alliance and the workshop was geared towards the company’s board members for the first time.
In this blog, we cover:
1. Objectives of the board-focussed Cyber Crisis Tabletop Exercise
2. Benefits of the workshop
3. Formal Report and Presentation
In 2020, IT has been the frontline for businesses, whether in terms of critical infrastructure or network security. Cyber-attacks have evidently increased since last year and this has led to an almost forced increase in awareness about cybersecurity amongst staff and key personnel. The pandemic has made sure that every organisation takes a bigger step towards evaluating its security measures and its cyber incident response plans from an internal perspective.
Waverton Investment is one of those far-sighted organisations that leveraged this scenario as an opportunity for collaboration and for enhancing its security culture. With the objective of fast-tracking its digital transformation and strengthening defences against data breaches and cyber threats, it decided to host this incident response plan tabletop exercise targeted at the company’s board members.
Based in London, UK, Waverton Investment Management is committed to creating high-quality investment solutions. It offers bespoke personal services for private clients, charities and institutions. Waverton has roughly 160 base employees. It has had many acquisitions in the last 12 months, making its security requirements quite complex.
Objectives of the Cyber Crisis Tabletop Exercise
Mudassar Ulhaq, the CIO of Waverton Investment, says the idea behind the workshop was to get the CEO and the board members to answer one simple question: “Do you know your roles and responsibilities around cybersecurity?”
He sums up the key objectives of the workshop as the following:
- To simulate Waverton – Having a simulated cyber-attack with a focus on server teams given the home working situation.
- To understand, from the management perspective, whether they knew what decisions to make, whom to communicate with and at what point in case of a cyber-attack.
- To test the company’s crisis management and incident response plans.
Amar Singh, the CEO of Cyber Management Alliance, and the facilitator of the tabletop exercise and Mudassar worked very closely together to build a scenario based on the Waverton IT Infrastructure.
“We used internal systems as a scenario which simulated a “day in life”. Then, a server that they use on a daily basis got hacked. Then we incremented the attack on an hourly or two-hourly basis. It was good to see that the board members engaged with each other much more than they would otherwise. This was the correct opportunity to question them and enquire if they knew what had to be done in which scenario,” says Mudassar.
Benefits of the Scenario-Based Crisis Workshop
Talking of the benefits of having the board in the cyber crisis tabletop exercise, Mudassar highlighted the following:
- It allowed Waverton to demonstrate compliance to external and internal auditors, even though the FCA doesn’t make it mandatory to have a board round table session. However, this was a very valuable exercise. To be able to demonstrate engagement with the board was a new concept for the company.
- The cyber crisis tabletop exercise also increased cross-departmental collaboration – it created great conversations. It highlighted that it’s not just internal responsibilities that are crucial. It’s also about knowing how the press and social media have to be handled, how the PR agency should intervene and assist with the right kind of communications.
Mudassar Ulhaq, CIO, Waverton Investment Management
- Allowed the organisation to assess internal incident response playbooks. The exercise allowed Mudassar to capture what the board’s understanding of the playbooks was and accordingly he has now adjusted the playbooks, as a follow-on from the exercise.
- The exercise reduced the challenge of convincing the board to sanction budgets for technology that’s relevant to the security roadmap. They now understand what security for Waverton entails. The board was able to understand why it’s imperative to spend on data leakage prevention tools. They also understood why it’s imperative to have a SOC technology team for monitoring the business on a 24X7 basis.
Formal Report and Presentation
After the exercise, the Waverton board was provided with a formal, high-level report explaining the efficiencies, processes, procedures and policies. Amar shared highlights of the workshop and any weaknesses he observed.
All areas of improvement were covered in the presentation including the use of Microsoft Teams and how it can be used better. The report, of course, covered recommended actionable remediation items as well.
If you are also interested in conducting a cyber exercise that truly tests your best defences and enables you to become more cyber resilient than ever, do check out more details about our Cyber Tabletop Exercises here.
Check this blog out to know more about the advantages of remote cyber exercises, the kind we conducted for Aster Housing.
You may also want to consider our Breach Readiness Assessment or our SIEM Assessment for assessing the operational aspects of your SoC team and reviewing the related monitoring technology stack.
If you’d like more information on our Cyber Crisis Tabletop Exercises click here or call us on +44 (0) 203 189 1422 or email us here.
