REDLEGG BLOG
Blog-Mature-Response

How to Mature Your Organization’s Cybersecurity Response

Jul 24, 2019 8:00:00 AM  |  by RedLegg Blog

Download The Tabletop Exercise Guide

Cybersecurity has quickly become a critical necessity for every business, and more so than ever before, IT teams and whole organizations must advance their cybersecurity maturity and practice their incident response.

In 2018, cybersecurity incidents cost businesses $45 billion, and cybersecurity oversight might be making its way to your company’s board, showing that interest in the effectiveness of your company’s cyber efforts is growing.

To mature their organization’s cybersecurity capabilities and to handle future incidents, companies are turning to incident response tabletop exercises, a response activity meant to validate your Incident Response Plan and to reveal that plan’s pitfalls.

Tabletop exercises can bring a competitive edge to your operations, better helping you survive a breach and its aftermath. Because it’s not a matter of if you will experience a cyber attack but when.

Why Security Mature Organizations Conduct Tabletop Exercises

Tabletop exercises can be conducted at any stage in your company’s lifecycle, at any stage in its security operations. Here are four reasons why maturing organizations choose to practice their incident response with tabletop exercises:

1. Incident response tabletop exercises allow for creative potential.


We all prefer peace of mind when it comes to our cybersecurity, but organizations who conduct a tabletop exercise tend to review their operations and their posture with fresh eyes. Leadership may be asking the security team to improve, to innovate, and to keep pace, putting pressure on IT teams while the IT team may think that the company will most likely be protected from an incident given their current systems and capabilities.

Conducting a tabletop exercise can humble all parties at an organization to take responsibility in improving the company’s cybersecurity posture and in identifying weaknesses in incident response. Overall, tabletop exercises can improve teamwork across the organization and allow for creative solutions to risk and potential oversight.

2. Tabletop exercises are part of internal and external requirements.

About 80% of tabletop exercises are usually mandated for organizations. Companies who are further in their lifecycle might be more likely to experience these kind of internal requirements related to incident response. But if your company doesn’t have an internal requirement like this yet, why not make it part of your next set of company goals to help extend your business’s longevity and continuity when a breach occurs?

We’ve found that when it comes to self-improvement vs external motivation, external motivation far outweighs the drive for self-improvement. External forces may require a company to demonstrate that the organization practices their incident response, but completing this “soft requirement” shows that your company goes the extra mile to protect customer data and your company’s greatest assets. Creating your own requirement demonstrates this value even more.

3. Tabletop exercises validate your Incident Response Plan.

Having an Incident Response Plan is helpful, but without testing it with a tabletop exercise, how do you know that it will be effective? Consider your Incident Response Plan a starting point and a document that must be continually modified and adapted to your current organization’s people, processes, and technologies.

Third party tabletop exercise facilitators bring the most value to incident response training and testing, while also providing an objective assessment of the validity of your current IR Plan.

4. Tabletop exercises prepare you for the worst that will happen.

We like to think we can avoid a cybersecurity incident, but our security posture and peace of mind will never really be at 100%. Tabletop exercises, though, can give you practical peace of mind, knowing that your teams can handle an incident in real-life to the best of your capabilities.

While the Incident Response Plan itself isn’t a fail-safe to protect your company from a breach, tabletop exercises simulate real-life scenarios. And unless you practice your response and train for an incident, you might not know how your teams will react and interact when the incident occurs.

While preparing for your next incident, know that the little things can make a big difference. To prepare for the worst, your plan should adapt to your current organization’s structure: its people, its processes, and its technologies. Working and communicating together amongst your teams through an incident response tabletop exercise can help provide insight into these more detailed intersections.

Tabletop exercises are a systematic way to mature your security operations and to give you the insight you need for your organization’s next steps.

Maturing cybersecurity teams and organizations can turn to incident response tabletop exercises to practice their response and to get ahead of their next incident.

What will your next step be?

Download The Tabletop Exercise Guide

Want more? Read…

Subscribe to Our Blog

Follow everything RedLegg as we provide comprehensive solutions for real-world data protection and security challenges.

Related Articles

An Exercise to Activate Your Infosec Strategy advisory, incident response, tabletop

An Exercise to Activate Your Infosec Strategy

While your Incident Response Plan is a necessary part of your cybersecurity and InfoSec strategy, tabletop exercises ...
Instructive Tabletop Demo Provides Organization-wide Application events, advisory, incident response, tabletop

Instructive Tabletop Demo Provides Organization-wide Application

On August 15th, RedLegg hosted a successful workshop in Chicago for security professionals interested in Incident ...