Saturday, October 21, 2023

Are Cyber Table Tops Really Worth It? 3 Reasons Why They Still Are

In the blogs that I have written, not only for myself but for paying clients as well, I have developed a lot of content on testing, Incident Response, Disaster Recovery, Business Continuity, etc.  The common denominator in all of this is that some kind of technological tool, combined with human intervention, is used.

But there is another way in which a business can beef up its line of defenses without having to use any kind of technology per se.

These are known as “Tabletop Exercises”.  They can be defined as follows:

“A tabletop exercise is a discussion-based practice that uses a hypothetical situation to coach a technical or executive audience through the cybersecurity incident response life cycle.”

(SOURCE:  https://www.darkreading.com/operations/top-6-mistakes-in-incident-response-tabletop-exercises)

So as you can see from the above, these kinds of exercises are very much discussion based.  The facilitator presents a hypothetical security breach, and the audience is asked to come up with a response.  While these can be effective to varying degrees, there are a number of key areas that a CISO and his or her IT Security team need to address in order to make Tabletop exercises even more effective.

Here are the tips:

1) Involve the entire audience:

It is very important to remember that a Tabletop exercise is not just another college lecture where you show PowerPoint slides and hand out notes.  These are meant to be engaging, and in order to make them so, each member has to be involved and give their input.  In fact, this is very much like a Security Awareness Training program for your employees: to get great participation, you have to make it both fun and engaging.  In other words, you want to make this something like a social event.  If the audience is large enough, break them out into separate teams for even closer collaboration.

2) Get different groups of people involved:

A cardinal rule of thumb here is never to use the same crowd over and over again.  It is very important that you get different participants each time, so that you will get varied feedback.  That will be much more meaningful than getting the same answer every time, only phrased in different ways.  For example, take a representative number of employees from each department in your business; that should give you some varied answers.  Also remember that Tabletop exercises are not restricted to employees; you should get other key stakeholders involved as well.  Think of this like a focus group interview you are conducting to get market research on a potential new product or service you could launch.

3) Vary up the threat variants:

As mentioned earlier in this blog, the facilitator of the Tabletop exercise usually starts out with a hypothetical security breach.  But it is also important to keep in mind that you need to mix up the threat scenarios.  For example, in one training session talk about Ransomware, in the next Phishing, etc.  But always make the threat relevant to the business.  For example, if you choose a Phishing based scenario, then give the example of a Business Email Compromise (BEC) attack, and how the accounting team can fall into the trap of responding to a fake invoice.  But also remember not to make the scenarios so depressing for the audience that they simply do not want to respond or give feedback.  It takes a balance here.  Further tips on how to do this can be seen at the link below:

https://www.darkreading.com/edge-articles/designing-tabletop-exercises-truly-help-thwart-cyberattacks

Also remember that by varying your attack scenarios,

My Thoughts On This:

One of the most beneficial outcomes of a Tabletop exercise is the feedback that is solicited from the audience.  Remember to incorporate it into all of your security plans, primarily your Incident Response (IR), Disaster Recovery (DR), and Business Continuity (BC) plans.  But the best lesson learned is to practice them on a real time basis, at least once a quarter!!!
