What are Tabletop Exercises? How They Can Improve Your Cyber Posture
According to the latest IBM Cost of a Data Breach Report, the average breach costs $4.35M per incident, up 12.7% from $3.86M in IBM’s 2020 report. This does not account for lost business opportunities and lingering reputational damage.
A cybersecurity tabletop exercise could substantially reduce this amount by ensuring the organization has a well-thought-out incident response plan and effectively exercises its business continuity plans.
What is a tabletop exercise?
Tabletop exercises are informal, discussion-based exercises designed to help organizations identify gaps in their current incident response program. They simulate a cyber event or incident and stress-test an organization’s response policy, plan, and procedures to assess effectiveness within an organization’s business units.
The key objectives of a tabletop exercise
While the objectives for conducting a tabletop exercise vary, here are some that apply to many organizations:
Stakeholders involved
The following personnel may participate in tabletop exercises:
How does a tabletop exercise work?
Tabletop exercises include the following staff:
Facilitators and staff meet at a set time to discuss a specific scenario. The scenarios are relevant to the organization’s threat profile, allowing it to accurately test its security posture and rehearse its incident response program against a realistic threat.
The length of the exercise largely depends on the audience, size of the company, and the sophistication of the incidents being exercised. Some discussions can easily last up to 4 hours, but it’s generally best to keep them to 1-2 hours on a quarterly basis to maximize time and cost-effectiveness.
Tabletop exercise examples
Typical Tabletop Exercise Scenarios may include:
Let’s look at an example scenario that could be used for a tabletop exercise:
Your organization is contacted by ransom operators who have seized and encrypted sensitive data. They demand a $1 million ransom, payable in Bitcoin, in exchange for not publicly releasing or deleting the data.
In this scenario, the main priority would be to secure other assets in your organization to prevent further damage. Exercise participants would discuss current policies and procedures, activate the company’s incident response plan, and apply additional security controls that may prevent further escalation.
What needs to be done to ensure all other data is safe? Have you exercised your portion of the incident response plan, and are you ready to contact your legal firm or the partner who provides incident response services to support you?
Another factor to consider, among others, would be communication with external parties such as law enforcement or other government agencies. Who is responsible for maintaining that communication?
Is a tabletop exercise appropriate for your organization?
Rehearsing for a cybersecurity incident is preparation that pays off in the long run. Through an Incident Response Tabletop Exercise, real-life scenarios help security teams and business leaders uncover gaps in their incident response plan and test the team’s ability to respond effectively and efficiently to an incident such as a ransomware attack, significantly improving your response in the event of an actual attack.
Tabletop exercises are best for organizations that already have an incident response plan in place. Exercises will help them build on what they already have. Improvising during a real incident without a rehearsed plan could disrupt business continuity, cause reputational damage with customers, and lead to monetary losses.
Another key factor is institutional buy-in. A tabletop exercise should result in an outcome, which may include changes in current plans and policies. This requires approval and buy-in from stakeholders throughout an organization and starts with leadership.
How SecurityScorecard can help
Our highly trained and engaging consultants bring your tabletop exercise to life, inspiring your team to work through real-world incidents while exercising your incident response program. We currently offer the following exercise types:
Afterward, SecurityScorecard consultants share industry best practices and stories from real-world incidents.
Our team will start by reviewing your business’s incident response plan and processes, and interviewing key personnel to understand your environment and the key risks and threats you are managing. We will then develop a bespoke scenario for your business, which reflects the specific nature of your organization. Exercises are structured to meet your objectives using simulated scenarios that have the potential to impact your company. You’ll walk away with identified gaps and recommendations on how to improve and bolster your cyber readiness.
For more information, speak with a member of SecurityScorecard’s Professional Services team today.