YOU HAVE a jillion things to do to keep your organization humming. What’s the best use of your time and budget when it comes to cybersecurity?
If you already have some network cybersecurity systems in place, tabletop exercises are a great way to go. They’ll help establish or improve policies, playbooks, and staff training — in other words, the human side of cyber. Tabletop exercises combine all three aspects in an interactive event that yields an action plan at the end — custom tailored to your organization’s needs, schedules, budgets, and staffing.
What’s Different
While most cybersecurity activities are technical in nature — like examining and tweaking network settings and operating security software or researching issues — tabletop exercises are non-technical and interactive.
There are two sides to cybersecurity: the computer systems side and the human systems side. Both must be tuned up and operational for effective cybersecurity. Continuous improvement is the key to success here: incrementally updating and upgrading here and there, every week or month.
The Human Systems
When a cybersecurity incident happens, at whatever scale, it is the human teams that go into action. It’s the human staff that decides what to do next, and it’s the human staff that then takes the action to mitigate, repair or restore, and manage the event. They might also figure out how to keep the event from recurring.
A collection of policies and playbooks guide the staff actions during the event or breach — a time when decisive action can save the organization hundreds of thousands of dollars (or more). It’s also a time that can panic people, since it may involve systems being offline, customers calling in with complaints, data being encrypted and unavailable, and attackers doing who-knows-what with your networks and assets.
It’s the playbooks that make it possible to take decisive, precision action in that moment of panic. The policies determine the rules and requirements of the organization, and the playbooks map out preapproved and predetermined actions based on the event or attack. Playbooks also contain all the contact information and parameters for working with resources like lawyers, public relations firms, cyber insurance teams, cybersecurity consultants, and law enforcement.
Together, the staff, policies, and playbooks form the human side of the cybersecurity equation.
Testing All Systems
You probably have already done vulnerability scans on your servers and network infrastructure, and perhaps you’ve even done a penetration test or two on your organization’s information systems. These activities find weaknesses and holes in your computer systems before the bad guys take advantage of them to compromise your network. They give you the information you need to decide on specific actions to fix holes, eliminate vulnerabilities, and immediately and meaningfully increase your network security.
Tabletop exercises do the same thing for the human systems side. Realistic scenarios are simulated for your team, who use the actual organization policies and playbooks to process and handle the event. A facilitator gives the results of your staff’s actions, from the initial breach all the way to final resolution. All along the way, any problem or missing process is noted.
All this takes place as a tabletop “game”, a paper-and-chalkboard style simulation. No network systems are actually touched or compromised. Your tabletop facilitator is a knowledgeable cybersecurity engineer who can evaluate and communicate what would realistically happen based on your staff’s choices and actions.
At the end of the session, everyone reviews what worked well, what didn’t work well, and what was missing (if anything). From that discussion, a list of betterments is created. The group then prioritizes the betterments, and a custom action plan is created. Since all the stakeholders are in the room and have experienced the simulation, the action plan tends to be of very high quality and accuracy — fitting the exact needs, budget, and concerns of the organization.
The Fastest Way to Level Up
Tabletop Exercises have proven to be the fastest way to improve an organization’s playbooks, emergency communications, threat and resource awareness, and incident handling skills. They are a very effective spend for improving an organization’s cybersecurity posture and systems. Because of that, tabletop sessions are often recommended or even required for certain cybersecurity insurance policies or discounts.
You’ll want to talk with your tabletop exercises provider to make sure they have a tabletop scenario that fits your staff and systems’ level of development and readiness. Start with simple, realistic scenarios: being notified of company credentials found on the darkweb, clicking on a poisoned email attachment, or discovering that a network device you have in operation has a recently discovered critical vulnerability. Once your staff and playbooks have handled these kinds of scenarios, move on to more intense and complex ones.
What would you and your staff do in the case of a cybersecurity event or attack? Does everyone have all the information, resources, contacts, lines of communication, and procedures they need to handle the problem quickly, professionally, and safely?
Find out with a Tabletop Exercise!