Apr 19, 2023
The 6 Benefits of Integrating Tabletop Exercises into Your Incident Response Planning
When cyberattacks or other potentially catastrophic events strike, having a well-prepared organization can be the difference between a minor disruption and being out of commission for days, weeks, or even months. Some ill-prepared organizations never survive these incidents.
To ensure your organization is ready to efficiently and effectively respond to incidents, planning and preparation are key. And having a robust incident response plan and a well-trained team are table stakes.
Integrating tabletop exercises into your incident response planning and preparation is a great way to guide your team through potential incidents. These exercises help you identify areas where your incident response staff, tools, and processes need improvement. They also help ensure your team is ready to roll when an actual incident occurs.
In this blog post, we’ll highlight the benefits of incorporating tabletop exercises into your incident response planning and preparation. We’ll also review Tevora’s tabletop exercise methodology and recommend additional resources for a deeper dive into this topic.
Tabletop Exercise Benefits
Our extensive experience helping clients strengthen their incident response capabilities has taught us what benefits you can expect to realize when you implement well-designed tabletop exercises.
1. Identifies Gaps in Communications
Tabletop exercises identify gaps in the communication policies, procedures, processes, and documentation you intend to use in the event of a cyber incident or other potentially catastrophic event. For example, you may learn that some or all of your team doesn’t know whom to contact in the event of a cyberattack against a specific in-house service or one of your third-party service providers. You might also find a lack of knowledge about the incident response processes your organization uses to communicate with executive management, legal, and the media during a significant cyber incident. Do you have plans for a “War Room” to manage communications? If so, running exercises on this is a must.
2. Builds Muscle Memory
In his book Outliers, Malcolm Gladwell cites a study indicating that it takes at least 10,000 hours of practice to achieve greatness in a specific area. While we don’t recommend running your team through this many tabletop exercises, we do believe that having them do multiple dry runs or walkthroughs of potential cyber incidents and catastrophic events is a good idea. Stepping through the processes, logistics, and roles and responsibilities involved in responding to an incident helps build muscle memory in your team that can pay significant dividends when they encounter these scenarios for real.
3. Identifies Weaknesses in Your Cyber Defenses
Tabletop exercises identify weaknesses in training, tools, and processes for responding to cyberattacks. For example, you might find that your organization’s capabilities for detecting and responding to malware incidents are incomplete or ineffective. You might also learn that your staff has not been given adequate training to detect and properly respond to phishing or spear-phishing attacks. Another example would be learning that your backup and restore capabilities don’t allow you to restore your production data from backup to an alternate production server in the event of a malware attack that encrypts production data on your primary server.
4. Identifies Compliance Gaps
Tabletop exercises identify areas where you are not in compliance with security standards or regulations. In addition to covering general security and privacy standards specific to your business or industry (e.g., Payment Card Industry Data Security Standard), we recommend including tabletop exercises that test your compliance with industry standards for incident response, such as the Department of Commerce’s National Institute of Standards and Technology (NIST) Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide.
5. Reduces Costs
By walking through incident response processes, tabletop exercises can reduce costs that might otherwise be incurred in an actual incident by an ill-prepared team that fails to take quick action or takes the wrong steps or unnecessary steps to respond to the incident. Consider the potential financial impacts of an incident that takes your entire business offline for two weeks because your incident response team is not adequately prepared. We’ve seen this happen far too often, and it’s not pretty!
6. Enables Rapid Recovery
Well-designed and executed tabletop exercises prepare your team to efficiently and effectively respond to and remediate the impacts of cyberattacks and catastrophic events, ensuring your business is able to quickly return to normal business operations.
Tevora’s Tabletop Exercise Methodology
1. Diverse Simulations
- Cyberattacks such as ransomware, phishing, spear phishing, denial of service, social engineering, and other common attack techniques.
- Policy violations such as copying company data, harassing emails, and more.
- Disaster Recovery and Business Continuity plans to ensure your organization is prepared.
2. Incident Management
- The ability to simultaneously coordinate with your senior leadership, legal, and security teams to solve the tabletop exercises.
- Continuous communication throughout the tabletop engagement process, keeping all stakeholders updated and informed.
3. Incident Scope
- All tabletop exercises are tailored to your specific environment.
- In addition to cyber incident response exercises, our team has extensive experience developing scenarios for responding to catastrophic events such as fires, earthquakes, or active shooter incidents.
- We take great care to analyze your policies, procedures, security tools, and resources to identify any gaps that might increase risk.
- We strive to create a no-fault, no-wrong-answer, and no-blame environment.
- Teams work together, keeping an open line of communication.
- Team members work with each other and other people in your organization to solve the incident.
5. Tabletop Exercise Report
- At the conclusion of the exercises, we provide a graded report card detailing your organization’s performance.
- The report identifies gaps in systems, processes, and human resources that respond to incidents in your environment.
- Remediation recommendations outline the requirements your organization needs to meet to properly handle incidents.
Below are additional resources that provide a deeper dive on the topics covered in this blog post:
- Tevora Tabletop Exercises Datasheet
- Tevora Incident Response Services
- NIST SP 800-61 Rev. 2 Computer Security Incident Handling Guide
If you’d like to learn more about Tevora’s tabletop exercises or would like help implementing them in your environment, our team of experienced security experts can help. Just give us a call at (833) 292-1609 or email us at email@example.com.