To ensure that your business is safe at all times and your crown jewels are protected against malicious activities, you need to have a solid cyber incident response plan and you also need to test that plan regularly with a cyber tabletop exercise. But what exactly are cyber tabletop exercises and which types of cyber table top exercises can you host in your organisation? This blog covers all these topics and more.
So what exactly is a cybersecurity tabletop exercise? Also known as a cyber disaster recovery tabletop workshop or a cyber incident response test, this exercise aims to evaluate every aspect of your organisation’s preparedness in case of a cyber-attack.
From the technical responses to the tactical ones, the effectiveness of all of them is put to test by an experienced facilitator who will throw multiple cyber crisis scenarios at the participants of the exercise with the objective of showing the organisation the gaps and loopholes that it must plug in its cyber response strategy.
If you want to learn how to plan, produce and run a cyber crisis tabletop exercise of your own, do check out our course on How to Conduct an Effective Cyber Tabletop Exercise.
You can also download our Cyber Crisis Tabletop Exercise Checklist to start preparing for your own incident response test. Don't forget to download our other resources created by the world's leading cyber table top exercise facilitators:
1. Data Breach Tabletop Exercise Template
2. Cyber Table Top Exercise PowerPoint
Start by downloading our Ultimate List of Cyber Tabletop Exercise Scenarios. This list contains 30 tabletop exercise security examples you can use.
Do keep in mind that just running these tabletop exercises for cybersecurity is not enough. To ensure that they are successful and yield the desired results for your business, adequate preparation has to be done before the exercises are conducted. This preparation includes enlisting the business critical assets and the risks posed to them. It also involves ensuring that the exercises have the right focus areas covered.
1. Threats and Scenarios: It is imperative for a successful tabletop exercise that participants understand the difference between a threat and an incident response tabletop scenario. A scenario typically refers to a series of activities that intend to compromise a business critical asset.
In a cyber tabletop workshop, the facilitator will often create a scenario that is relevant and potentially very dangerous to the business. The exercise will include emphasis on questions like who the threat actor in the scenario is, what is their intent and what will they do once they have managed to successfully compromise the system. An exercise based on threats and scenarios is vital to understanding the risks the business in question is at and if the cyber incident response plans of the organisation are foolproof enough to combat these risks effectively.
2. Threat Actors: Every cyber tabletop workshop will focus on unraveling the various threat actors that a business could be compromised by.
3. Critical Assets: A compelling example of a type of cyber tabletop exercise is one where the critical assets of the business are compromised. In this exercise example, participants are forced to confront the business impact of an attack on their crown jewels and re-assess their plans for protecting these assets and mitigating the blow on the bottom-line. It is essential for business continuity that there is a solid plan for ensuring the safety of business critical assets and responding swiftly to any possible attack on these assets.
Cyber Management Alliance is well-equipped to cater to the remote cyber crisis tabletop exercise requirements of organisations of every size and nature. We work with you on planning, creating scenarios, producing the scripts and artefacts and running the actual workshop. We can run a complete cyber tabletop exercise virtually using Zoom, Microsoft Teams or Google Meet.
Importantly, we will present you a formal audit report of the exercise that provides you with important data including a cyber breach-readiness score that provides a good indication about how ready you are to respond to a specific cyber-attack scenario.
If you’d like more information on our Cyber Crisis Tabletop Exercises, call us on +44 (0) 203 189 1422 or email us here.