If you’ve heard cyber insurance or risk management professionals bantering recently, you’ve probably caught onto the buzzword ‘tabletop exercises.’
Without wanting to look naïve, you tap the phrase into a Google search, only to find it’s not a tool used by just the cyber community. Organizations and government agencies have been leveraging tabletops for decades to discuss simulated emergency situations. But recently, tabletop exercises have rapidly gained momentum in cyber security contexts.
Tabletop exercises go by a number of different names: “war games,” incident response drill, incident response simulation, etc.
The goal is always the same: to test an organization’s ability to respond to a cyber security incident.
Tabletops are essentially a fire drill to practice the crisis situation of a cyber security incident. Organizations develop the muscle memory to respond effectively and efficiently when there’s a privacy or security issue in real time.
The simulation facilitates discussion amongst your incident response team and validates the team’s ability to respond to a breach. This activity will test your team’s ability to mobilize, make decisions, and deliver a structured response in an environment with constantly changing facts.
Types of Tabletops
There are different ways to test your ability to respond.
Some tabletop exercises are strictly focused on the legal side. They provide guidance on how to proactively prepare for litigation and comply with the intricate notification regulations that differ state by state.
Other tabletop exercises are much more technical in nature. These focus on the detection and analysis of anomalous activity, along with further prioritization, containment, eradication and recovery.
There are even tabletops that focus on operational details that create inevitable bottlenecks in response times, like providing identity protection or hosting call centers.
An effective tabletop for cybersecurity covers all of these issues and poses questions for the team to prompt action towards mitigating the overall risk. Taking a comprehensive approach during a tabletop – from the legal, technical, and operational viewpoints – helps visualize the impact of a security incident to the organization as a whole. Organizations can use the results to identify gaps and areas for improvement.
How does a tabletop help mitigate my cyber risk?
According to data from the Ponemon Institute, employee negligence poses the biggest security threat to all business organizations. Awareness and training are key to combatting those risks from the top down.
A tabletop exercise is a practical tool to get the executive team “on board,” by bringing together key decisions makers and exposing them to the potential harm of a disaster cyber scenario. Once exposed to the possible implications of the risk, these influencers can then help promote a culture of privacy and cyber security within an organization.
Who is involved? Why does this exposure help bring awareness?
An exercise on incident response is typically designed to take a cross-functional approach and engage colleagues from different departments that each have a stake in the breach response process. We encourage organizations to develop an ‘Incident Response Team,’ including the following representatives:
- IT/Network Security
- Executive Management
- Human Resources
- Business Continuity
- Risk Management
Each of these roles will help an organization realize the overall impact of a cyber security incident on day-to-day business activities, overall perception, reputation, and compliance. The Incident Response Team members responsible for a breach response should participate in the tabletop exercise.
Most times, we’ve found these particular individuals rarely find themselves sitting in the same room together. The tabletop simulation provides a unique opportunity to practice as a team and develop a cohesive response unit.
What does a tabletop exercise test?
A tabletop exercise is designed to test your team’s awareness of the response process during a cyber security incident, and what issues must be addressed to deliver an effective response.
Typically, an organization’s Incident Response Plan (IRP) is incorporated directly into the simulation. An IRP is a critical component to ensuring that organizations are prepared to respond efficiently and effectively to a data security incident.
If an organization hasn’t quite developed their IRP yet, a tabletop exercise can still be valuable. It provides an impetus that’s needed to initiate an incident response planning program, or incite individuals to develop a plan.
Tabletop exercises are focused on strengthening your organization’s ability to respond to a data security incident by developing a strong internal team, ensuring that team members understand their roles and responsibilities, identifying critical response tasks and considerations, and providing a framework to ensure that resources are used wisely and efficiently in the event of a data breach. Testing the incident response plan is critical to identify gaps and improve the plan.
Whether your organization is equipped with an Incident Response Plan or not, it’s important to consider the benefits associated with cybersecurity’s new buzzword. A tabletop exercise mitigates cyber risk through testing the organization’s response team, identifying gaps, and providing a forum to interact on emerging threats in cyber security and privacy.
For more information or advice on tabletop exercises, feel free to reach out to our cyber team – firstname.lastname@example.org – to get in touch with an Incident Response Specialist.