In leading your organization’s information security practices and behaviors, your Incident Response Plan must become a living-breathing document as you combat attackers. Tabletop exercises are an effective, hands-on way to teach your organization proactive security before an incident occurs.
First things first, your business must have an Incident Response Plan written and documented before conducting a tabletop exercise. The Incident Response Plan serves as the blueprint that enables staff to detect, respond to, and recover from security incidents. If your organization has an IR plan in place, the tabletop exercise can validate that plan, or it can highlight lapses that need to be addressed.
In a 2018 study, IBM reported that “77% of business leaders admitted that they don't have a formal cybersecurity incident response plan that's applied consistently in their organization.”
The National Cyber Security Alliance reports that 60% of small and mid-size business that are attacked never recover. On average, businesses closed within 6 months of that breach.
Building an Incident Response Plan is a critical step for your business, and the damage that a data breach creates is connected to the effectiveness of your organization’s incident response in the real-world.
In order to be most effective in your incident response, a tabletop exercise is not a one-time effort, but a necessary tool that you can continuously use in your organization long-term.
Completing a tabletop exercise will provide you with a number of takeaways you can use to improve your security posture and to give you confidence in meeting challenges for your team, the client, and other company leadership.
Here are 10 takeaways you can gain from conducting a tabletop exercise within your organization.
1. Improve your cybersecurity posture.
Protecting your company from the negative effects of a breach begins with identifying gaps before the attackers do. (This includes gaps in your employees’ cyber awareness.) The same sentiment can be applied to incident response: protecting your company from the effects of a breach is confirmed in your response speed and effectiveness.
Tabletop exercises improve your posture by assessing risk and discovering gaps in your team’s response.
2. Validate your IR plan.
If you’re not sure that your security team can handle an incident, conducting a tabletop exercise confirms your security posture, one way or the other. It’s best to know if your incident response is timely and effective before you see it play out in real-life. This validation can bring you some peace of mind about your plan and your team’s capabilities.
3. Know your key SMEs and their roles and responsibilities.
With a tabletop exercise, you will have the opportunity to know your team on a deeper level. You’ll identify your key subject matter experts and their roles when an incident occurs, who does what and when. In turn, your SMEs will also better understand their roles and responsibilities to protect the organization’s data.
4. Focus on awareness training, possible breach and attack scenarios specific to your industry.
Are your employees aware of your ongoing security efforts or of the attacks happening in your industry specifically? Attacks occurring in e-commerce can be a bit different than attacks in manufacturing. Knowing how an attacker may try to breach your business creates room to educate your employees on security best practices. Every employee is part of your overall security effort.
The tabletop exercise can help identify gaps in awareness and prepare you for industry specific scenarios.
5. Dedicate time and resources to the tabletop exercise.
You and others on the leadership team are busy, but with a tabletop exercise, you can set aside the time and energy to focus on real-life security response. Without a tabletop exercise, your organization’s attention may be more difficult to focus as your priorities shift day-to-day or quarter-to-quarter. Conducting a tabletop exercise may even relieve you of some stress or concern about protecting the business from a breach.
6. Review assets and tools to maximize your response effectiveness.
Assets and tools change over time. To be most effective in your response, knowledge of your business’s assets, systems, and tools is critical to ensure you cover your bases. By conducting tabletop exercises throughout the year, this review could become a quarterly practice.
7. Use feedback to close gaps in communication and processes.
For effective incident response, the left-hand must know what the right-hand is doing. A third-party, objective facilitator provides feedback on communications and processes, internally and externally with outside agencies. The facilitator sees the bigger picture of how your teams work together.
8. Conduct simulated, real-world validated incident response training.
The best training utilizes current knowledge and practices that reflect your real-world scenarios. In a simulated training, you’re able to take security from a headspace to your workspace. The real-world evolves and so should your security and response.
9. Demonstrate that you are prepared to protect your company and client data.
In many organizations today, incident response and tabletop exercises are mandatory as part of a cybersecurity audit. Although a tabletop may become mandatory, that doesn’t mean your tabletop stops being useful in discovering gaps in your response. This isn’t a rote exercise, but a live discussion of a real-world scenario that your organization may experience.
Tabletops should ideally be a scheduled four times every year. Ideally, tabletops would become an ongoing part of your company’s security audit.
Also keep in mind that your clients may be hearing about a data breach every week, but you can show clients you have data protection top of mind. The CEO and other members of your leadership team are most likely concerned with data protection as well. Setting aside time to prepare for an incident shows that you value the people you’re serving.
10. Be more effective in your cybersecurity audit preparation.
By conducting a tabletop exercise, you discover gaps in your organization’s security response, and by conducting a facilitated tabletop, your facilitator can also provide a third-party, objective perspective on areas of your security posture that may need to receive more attention.
Your cybersecurity audit preparations, if beginning with a tabletop exercise, will shed light on other areas of concern where a pen test or vulnerability assessment could be performed. Overall, a tabletop can boost your visibility as you audit your defenses, not to mention validate your policies and procedures.
And you’ve heard this before: it’s not a question of whether your business will experience a breach, but rather when it will happen. Before that day comes, the best you can do for your business, your employees, and your customers is to prepare as best you can.
Your security confidence may never be 100%, but you can demonstrate that you set the example in proactively preparing to protect your data and the people that data represents.
Want more? Read...
- How Often Should You Really Test Your Incident Response Plan?
- How to Mature Your Organization's Cybersecurity Response
- RedLegg's Tabletop Exercise Service