The Value of Cybersecurity Tabletop Exercises for Leadership Teams
The lessons learned from cybersecurity tabletop exercises will minimize the impact of your organization’s next data breach.
If the adage is correct and success is 90% preparation and 10% perspiration, then will a cybersecurity tabletop exercise ensure you are 100% ready in the event of a breach? Not really, but you will both sweat and be exponentially better off after conducting one. A tabletop exercise, in this case meaning a breach simulation, will demonstrate how ready (or not ready) your technical and leadership teams really are to respond to and handle a breach.
What is a tabletop exercise?
A cybersecurity breach tabletop exercise brings together leadership stakeholders who would be involved in an actual cyber breach. A proper exercise will start with a realistic scenario and demonstrate how an incident could unfold in real-time.
As an example of a breach scenario, the CEO receives an email directly to his corporate email address. In the email, cybercriminals are demanding that $80 million be deposited in a Bitcoin account within 48 hours or they will release to the public all the information they collected within the organization’s network. Following receipt of the email, the CEO is told that internal databases are experiencing issues and have gone offline. Within the first couple of hours, the team has discovered authentic personal identifying information (PII) and customer credentials on Pastebin, an online data-dump site. The security team is two hours into the incident. The exercise starts now and will run in real-time for the next four hours. Some questions you’ll consider and need to answer: When do you contact your board? Do you shut down your systems? Who is talking to the press? Will you have enough information to make decisions as the exercise starts? Probably not. Will you have more information after two hours into the tabletop? Probably not. Will you learn from this exercise? Absolutely.
Imagine that there is no business continuity plan, no crisis plan, and the organization has never even had a discussion about ransomware. Tabletop exercises give you the tools to ensure that your organization has a plan, assigned roles, and experience making decisions with limited information.
From a learning science perspective, there is a lot of research around practice required for skills development and mastery. You might have read Malcolm Gladwell’s Outliers and think that you need 10,000 hours of an activity to truly master it. Gladwell is often misquoted, but the gist here is that no one can become an expert or even become proficient in anything without significant practice. This is often referred to as muscle memory, but it isn’t just about muscles. It’s about forming mental as well as physical habits. While the ability to rely on these habits in an emergency can mean the difference between life or death for aircraft pilots or racecar drivers, it, too, can define success or failure for organizations during a cyber breach.
In addition to an increased heartbeat, the top five things the leadership team will uncover during a tabletop exercise include:
- What are the single points of failure?
- Is there confusion about responsibilities?
- Are there missing links in the chain of command?
- Who should be in charge – how are final decisions made?
- What role does your executive leadership play?
Crisis planning and crisis response are about defining roles. There shouldn’t be any questions about who is responsible for what, when, and in which order. It is rare that an exercise goes perfectly – that’s really the point. It is far better to uncover the issues during practice than during the real deal. And remember: this isn’t just for the technical team. The response of the leadership team could be even more critical.
At the end of the day, the most important piece of the tabletop exercise puzzle is the debrief. This is when you discuss what you learned, what you need to change in your business continuity plan, and how you move forward. An organization’s response to a breach can be the difference between a stock price bouncing back or plummeting. It’s ultimately the success or failure of the brand.
Is your executive leadership prepared to handle a breach? Have you recently conducted a tabletop exercise? Contact us to learn more about our Cyber Resolve Board and Executive training programs.