August 12, 2022
Former FBI Director Robert Mueller once said, “There are only two types of companies: those that have been hacked and those that will be.” Either way, your company needs to be prepared.
If your organization has a cybersecurity risk management plan, are you confident it will work effectively? Or, if your organization does not have a plan, would you know where to start? Cybersecurity can often seem like one big gray area, but at Gray Analytics we’ve got that covered.
What is a tabletop exercise?
Tabletop exercises are tools used to validate the content of IT plans, such as cybersecurity risk management plans, contingency plans, and incident response plans. This ensures the plan content is viable and implementable in an emergency situation. Tabletop exercises should be conducted periodically to adequately identify the needs and objectives of the company.
Once an organization determines the need for a tabletop exercise, the exercise itself must be designed based on the company’s current threat landscape. The goal of the exercise is to validate the team’s observance of related plans, policies, and procedures and to monitor how well participants respond in their roles. A facilitator conducts the tabletop exercise in a setting where open communication among all participants is encouraged.
The facilitator begins the exercise by providing a brief overview of the scope and objectives, and then the discussion begins. All results and lessons learned are captured in an after-action report, which contains background information about the exercise, observations, and any relevant recommendations to strengthen an organization’s cybersecurity preparedness.
Tabletop exercises can test a variety of cybersecurity events such as ransomware, malware, insider threats, or other disruptions such as natural disasters, supply chain issues, and geo-political implications.
Why is a tabletop exercise so important for your cybersecurity plan?
According to the National Institute of Standards and Technology (NIST), “Although it is important to have plans in place to help an organization respond to and manage various situations involving information technology (IT), it is equally important to maintain these plans in a state of readiness. This includes having IT personnel trained to fulfill their roles and responsibilities; having plans exercised to validate their policies and procedures; and having systems tested to ensure their operability.”
Tabletop exercises are critical for clarifying roles and responsibilities, but they are only effective if key personnel participate during the exercise. Participants should engage in the conversation and challenge their fellow co-workers. Tabletops are ideal for training not only the IT team, but also executives, public relations teams, and human resources teams. Below are a few questions each team should be able to answer after a tabletop exercise:
Executives
- When would you consider paying a ransom and how would you go about sending the payment?
Public Relations
- How would you respond to a threat actor posting on your company social media announcing that they have breached your systems and demand a ransom?
- How would you handle concerned customers and business partners calling in for more information?
- How would you handle the media?
Human Resources
- How would you handle a possible insider threat situation?
Speed and accuracy are crucial when it comes to responding to a cyber event, but the only way to achieve this is through practice. Being proactive and testing a response plan in a safe and controlled environment enables an organization to determine whether the plan is effective. Tabletops also identify gaps in cybersecurity programs as well as incident response plans. It is better to find a flaw during a training exercise than when trying to respond to a real event.
Only through testing can you ensure that the desired ROI from your cyber investment is realized. Conducting a tabletop exercise can potentially save an organization hundreds of thousands of dollars in ransomware, malware, or data breach recovery expenses. Exercises are a cost-effective investment that will prepare organizations for a disruption at any time.
What should you do with the results of your tabletop exercise?
As previously mentioned, the results and lessons learned during an exercise as well as the objectives and debrief comments will be presented in an after-action report. The report will list any relevant recommendations to strengthen a firm’s cybersecurity preparedness. Once the report has been reviewed, action items need to be assigned to proper personnel to update the cybersecurity risk management plan being tested. These updates will need to be reflected in the report and all parties need to be notified of the changes. If needed, an organization can conduct an additional tabletop exercise to test the updated plans and procedures.
Why Gray Analytics?
At Gray Analytics we understand that defining an organization’s cybersecurity objectives and goals is the first step to success. It is critical that businesses understand their risk to better insure their environment in the event of an attack. Gray Analytics can provide transparency to your cybersecurity risk management plan through a tabletop exercise.
Our team of professionals offers end-to-end services that will keep your operation and data safe, allowing your team to focus on day-to-day operations and growing your business.