The Importance of Tabletop Cybersecurity Exercises

The military is always on the cutting edge of technological and strategic innovation. It usually uses war games to train personnel, but these exercises can be difficult to schedule and expensive to execute. Tabletop exercises, in which key personnel deliberate on simulated emergencies or rapid-response situations, are cheaper, much easier to set up and can be just as productive as war games. Tabletop exercises improve a team's disaster preparedness, coordination skills and handling of disrupted roles and responsibilities under duress. These exercises also help program managers identify deficiencies in cybersecurity processes and procedures, personnel shortcomings and additional training requirements.

From GPS and radar to duct tape and computers, military inventions are often later adopted by the public—tactical simulations are no exception. Many organizations rely solely on a written cybersecurity incident response (IR) plan; this is not enough, because an untested plan is purely theoretical and not wholly representative of an actual cyberattack. Despite the rapid growth of the cybersecurity industry, cybercrime is still on the rise. Attackers regularly compromise corporate systems because businesses continue to rely on outdated security postures and poor practices that leave data unprotected and vulnerable. Instead, companies should adopt tabletop cybersecurity exercises, which, much like the military's equivalent, simulate actual attacks to better prepare individuals for real-world scenarios.

What Exactly is a Tabletop Cybersecurity Exercise?

A tabletop exercise is a discussion-based preparedness activity in which participants are taken through a simulated security incident to highlight flaws and areas for improvement in their response planning. The primary goal is to evaluate a business's IR plan and the IR team's reaction to a cyberattack, reveal gaps in the IR plan and practice responses without the risk of damaging or disrupting normal business processes. Ideally, tabletop scenarios should be based on realistic occurrences, including historic breaches or attacks on other businesses. An outside-in view from a trusted cybersecurity partner allows employees to play out these real-world scenarios, with the partner providing insights and research along the way to challenge information security teams. Tabletop exercises must consider an organization's assets, tooling and vulnerabilities; businesses must also possess a thorough understanding of their own risks and the types of attacks a malicious actor is most likely to use against them.

The Benefits of a Tabletop Exercise

Continuous practice makes perfect; the same is true for cybersecurity. Ultimately, tabletop exercises reduce the risk of damage from a cyberattack, giving businesses greater peace of mind and confidence that their experts can execute a recovery plan efficiently. These exercises bring teams together, increasing their effectiveness and enhancing cooperation and communication between key people across departments beyond just IT. Employees also develop a clear understanding of their responsibilities, hone their decision-making skills and learn how to support the incident management process. Likewise, periodically vetting IR plans and security teams with tabletop exercises serves as a tangible demonstration and benchmark of current threat response effectiveness—allowing businesses to reassure their board and key stakeholders of the company's readiness and preparedness.

The Importance of an Outsider’s Perspective

As mentioned earlier, a trusted cybersecurity partner has an honest and objective view of a business and can provide the greatest challenge for information security teams. Consider how a scrimmage against the practice squad is not an accurate assessment of a team's skills compared to a match against the competition. A third party or trusted partner can also give an unbiased assessment of a company's current cybersecurity defenses, readiness and resilience, and can then recommend design changes, enhancements to the IR plan and countermeasure training for IR teams. Additionally, an expert cybersecurity partner can simplify a business's response to attacks by setting up a technical roadmap outlining potential automation methods using third-party platforms. Similarly, they can prepare implementation documentation, including workflows, layouts, a role access matrix and notifications. A particularly knowledgeable and experienced partner may also create customized build-outs and integrate new platforms into an organization's existing infrastructure.

New Cybercriminals Require New Defenses

With cybercrime increasing in frequency, sophistication and consequence, tabletop security exercises must become a regular part of doing business. As with the military, sports teams, the fire department and so on, organizations cannot expect successful results if they never train or practice for real scenarios. The current cybersecurity philosophy of early detection and rapid containment itself emphasizes the necessity of performing tabletop exercises multiple times a year. Furthermore, a change in attitude is just as necessary as the adoption of tabletop exercises: there are bad actors out there who intend to do harm, and businesses must practice accordingly.

Boris Khazin

Boris Khazin is Global Head of Digital Risk Management/Governance, Risk and Compliance at EPAM Systems, where he is passionate about providing solutions that deliver business value and exist at the intersection of people, processes and systems. Mr. Khazin has more than 20 years of management, consulting and product development experience in the financial services and fintech sectors. During his tenure at EPAM, he has led several GRC, business intelligence, enterprise analytics and organizational capability/maturity assessments to help clients identify, define and prioritize frameworks that guide them toward a desired future state. From this, he has developed a keen understanding of opportunities and challenges that arise when organizations adapt to change. Previously, Mr. Khazin worked at multiple financial firms, including UBS, S&P and Bloomberg. He was also an Investment Oversight Officer at TD Ameritrade. Mr. Khazin has a Bachelor of Science in Behavioral Economics from Pennsylvania State University and an MBA from Pace University.
