What Actually Happens in a Cyber Tabletop Exercise
Date: 15 September 2020
You’re aware that without a cyber incident response plan you’re exposing your business to incomparable risk. You also know that these response plans are reliable only if you test their validity and effectiveness on a regular basis with cyber crisis tabletop exercises (CCTE). But do you know what really happens during these cyber crisis workshops that makes them so critical to your business continuity?
In this blog, we cover the following key aspects of an effective CCTE:
The imperative phases of a cyber tabletop exercise
1. Identifying the right stakeholders
This may sound like the rudimentary first step for any exercise but it takes on a whole new dimension when it comes to cyber tabletop exercises. Upon being asked to identify who will participate in such a workshop, the management is making a larger decision about who the key stakeholders are in the cybersecurity decision-making process for their business. The stakeholders can often be department and hierarchy agnostic. For instance, the participation of a junior level IT manager may often be more important than that of a senior business executive. Hence,the process of identifying participants of a cyber tabletop exercise is a more strategic and long-term decision critical to the health of the business, than may appear otherwise.
2. The scenario
For a cyber tabletop exercise to be successful, it is essential that the facilitator of the exercise is an expert CISO and trainer so that she/he comes up with a scenario that is relevant and capable of generating actual fear and anxiety in the minds of the participants. The scenario cannot be flimsy and run of the mill. It must be specific to the business, its model, operational framework and be based on risks and threats that are real for the organisation in question.
3. The actual exercise
During the exercise, the facilitator will create an atmosphere of pressure and pandemonium so that participants are subject to a simulation of exactly the kind of environment they can expect during a real attack. The scenario in question will unfold in rapid stages so that the stakeholders are forced to think on their feet, collaborate with the right people and respond with alacrity, the way they would do if their company was under an actual threat. The actual exercise has to be as close to reality as possible for the cyber tabletop exercise to go beyond being mere lip service to a truly fruitful initiative. If this is achieved on a regular basis, the management can hope that the participants have had adequate mental training and exposure to emulate at least half of their behaviours from the workshop in a real-life crisis.
4. Evaluation and Report
Any good cyber tabletop exercise provider will offer a formal evaluation and report at the end of the workshop. Frankly, without this report, the exercise can largely be deemed as futile. The report is a critical look at the cybersecurity infrastructure, incident response plans and processes, inter-departmental coordination and the calibre of the staff to adequately respond to an attack such that the damage caused by it is mitigated to a minimum. In the absence of the evaluation, it will not be possible for the management to see the loopholes in their strategy and their preparedness. At the end of a cyber tabletop exercise, the business should ideally receive a breach readiness score that it can work with to ramp up its defences.
At CM-Alliance, we have the expertise, the experience and requisite skills to support you in hosting a productive and effective cyber crisis tabletop exercise. We work with you on planning, creating scenarios, producing the scripts and artefacts and running the actual workshop. We can run a complete cyber tabletop exercise virtually using Zoom, Microsoft Teams or Google's Meet (previously known as Hangout).