With the increasing frequency of business-impacting cyber crises, top executives of organisations are taking notice and rushing to ensure that they have cyber incident response plans to deploy when hit by a cyber crisis.
The management of most organisations takes cognisance of the fact that cyber-attacks can and will harm their reputation, business operations and profitability.
The recent cyber-attack on Travelex and the ransomware attack on Colonial Pipeline are a few amongst several wake-up calls for business executives. As a direct result of the Travelex attack, where criminals downloaded 5 GB (a significant volume) of sensitive customer data, Travelex shut down almost all of its IT systems and its staff were forced to use pen and paper. It didn’t stop at the stationery. The company had to halt money sales at banks and supermarkets. If you wish to know all about the extent of this attack, download our Travelex Cyber-Attack Timeline.
With the increasing frequency of Travelex-like, business-impacting crises, top executives of organisations are taking notice and rushing to ensure that they have cyber incident response plans to deploy when hit by a cyber crisis.
The question is: Is this enough?
Having an incident response plan is commendable and essential, but if nobody really knows what’s in the plan, what purpose does it even serve?
We, at Cyber Management Alliance Ltd, believe that the time has come when businesses will actually have to test their cyber incident response plans and see if they even work. Organisations are going to have to prepare for the worst and practise for it too! Read on to know why…
There are two ways to build a cyber-resilient business and two aspects of cyber crisis management that all businesses must focus on. The first is creating playbooks and plans of what the IT security team and its allies will do in case of an attack.
However, these plans and procedures are as good as an uncharged mobile phone that has never been taken out of the box if they aren’t practised and rehearsed over and over again. That brings us to the next and most vital exercise you must conduct to validate your existing cyber incident response plan: a Cybersecurity Tabletop Exercise.
Download our FREE resources created by the world's leading Cyber Tabletop Exercise Facilitators and start planning for your cyber drill today!
1. Cybersecurity Tabletop Exercise Checklist
2. Cyber Tabletop Exercise Scenarios
3. Data Breach Tabletop Exercise Template
4. Cyber Tabletop Exercise PPT
In its simplest description, a Cyber Tabletop Exercise is a verbally simulated scenario that would have a serious business impact if it were to occur in real life.
During the exercise, attendees are encouraged to respond to the scenario as they would if it were real. They then review their actions and discuss how things could have been handled better.
These cybersecurity tabletop exercise scenarios are organisation-specific and are highly interactive, enabling tangible cross-departmental collaboration and communication.
Want to master planning, producing and conducting a Cybersecurity Tabletop Exercise? Don't forget to check out our Masterclass on How to Run an Effective Cyber Tabletop Exercise.
Conducting a Cybersecurity Tabletop Exercise has massive advantages such as:
With a lot of countries worldwide acknowledging the fact that cyber resilience is critical to business continuity and economic stability, regulators are making it mandatory for businesses to comply with certain specific regulatory standards pertaining to cybersecurity and cyber crisis management.
These are just two of the many examples of global regulators, especially of nation-critical infrastructure sectors, who have made it mandatory for businesses to show proof of the fact that their cyber incident response strategies will actually work in case of an attack and sensitive data of the nation or of its citizens will not be impacted.
Conclusion
As more and more regulators worldwide are becoming increasingly stringent about compliance standards and as cyber threats continue to evolve at an earth-shattering speed, it makes complete sense for all organisations to consider conducting a Cybersecurity Tabletop Exercise.
Just having plans and checklists is no longer enough, from a compliance perspective or from a business resilience perspective.
Those plans have to be tested, the checklists have to be almost ripped apart, and people have to be put under real pressure. You can do this by leveraging cybersecurity tabletop exercise scenarios and examples. It’s the only sure-shot way of ensuring that when a crisis does hit, the plans and the people executing those plans perform flawlessly through muscle memory and practised decision-making.