The explosion in the number of cyber threats and cyber attacks during the pandemic have reiterated one lesson for business owners across the world - their business can be the next target!
Most security savvy organisations have ramped up their incident response efforts post 2020. They’re also investing heavily in technology solutions that can protect them from the next ransomware attack or malware infection. Advanced detection systems and threat intelligence capabilities are a great place to start.
However, to cultivate cyber resilience over the long term, it is essential to blend advanced technology solutions with proper training and orientation of human resources. This is where Cyber Incident Planning and Response comes in. The whole idea behind this critical concept of cybersecurity is that if/when an incident occurs, the key stakeholders and decision makers in the business know what to do, whom to reach out to, how to communicate etc.
What are tabletop exercises?
The Cyber Incident Response Plan aims to build muscle memory for the management, business executives and IT staff. The idea is that in times of chaos, nobody should be panicking directionless with no idea about what to do.
Sadly, however, muscle memory cannot be harnessed through plans alone.
These incident response plans need to be tested, questioned, debated over, practised and rehearsed repeatedly to truly fulfill their purpose. After all, what good are the plans if nobody knows what’s in them.
This is precisely why Cyber Tabletop Exercises have become so critical to effective incident response today.
How do you run a Cyber Exercise?
Cyber Tabletop Exercise Scenarios can range from ransomware attacks to malicious software infections. The idea is that the scenario must be very relevant to the business.
It should be based on the compromise of one of the most critical assets of the organisation and the attack methodology should also be plausible, in relation to the business and its operational model.
The security tabletop exercise scenario should be capable of creating a real sense of panic in the participants of the organisation. It should be so real that it forces them to think the way they would if the attack were to actually happen.
The scenario should be built in a foolproof way, such that the exercise participants aren’t able to find any loopholes in it, thereby rendering the exercise less or even ineffective.
For this, it is also important that the external facilitator you hire to conduct the incident response tabletop exercise for you is deeply experienced. Only a highly experienced practitioner and facilitator will be able to keep workshop participants (who may be from completely non-technical backgrounds) engaged and involved in the exercise.
The facilitator should have the technical as well as soft skill expertise to elicit a strong response from the exercise participants. He/She should be able to recreate an environment of panic and chaos during the exercise, so that the participants delve into their personal knowledge pools and awareness of the incident response plans to make decisions and act the way they’re expected to.
At the end of the cyber crisis tabletop exercise, the participants should have a better idea of their individual roles and responsibilities. They should also be more conversant with what’s in the cyber incident response plans and they should be aware of how they will implement the steps in the incident response plan when the time comes.
Download our Cyber Crisis Tabletop Exercise Checklist to get a better understanding of how you can prepare for this most critical exercise in your cybersecurity resilience strategy.
