Looking back almost two years, the world has changed in many ways since the start of the pandemic. This has affected almost every aspect of everyday life, and cyber security has become that much more important and has had to adapt along the way. With COVID-19 forcing millions around the world to work remotely, the workplace looks almost nothing like it did only months ago. But while organizations have adjusted well to the realities of moving to a virtual labor force, many business leaders are now grappling with a new set of cybersecurity risks. That’s why it’s critical, especially during these pandemic times, to review and prepare for cyber incidents with the right plans and the right tests for each business.
One of the best ways to do that is through tabletop exercises. What are tabletops? Simply put, they are simulated stress tests that organizations walk through to prepare an effective and efficient response to a security incident. If you're a company leader, here's what you need to know about running these exercises, and about the workarounds the pandemic has made necessary.
What tabletop exercises look like post-COVID
Pivoting to near universal work from home has opened new areas of risk. Business and IT leaders certainly have become more adept at managing cybersecurity for remote workers since the frenzy of March and April 2020. But most employees continue to work remotely and will, in some capacity, for the foreseeable future. Coupled with what looks like a world where COVID will remain and new variants will emerge, this creates real challenges for facilitating tabletop exercises.
Getting the right stakeholders in a room remains a critical aspect – this includes application owners, system admins, and customer-facing team members – but these rooms have now gone virtual, making it easier for some participants to remain quiet or disengage entirely without those conducting the exercise knowing so. It also means that one standard part of tabletop exercises – breaking into smaller subgroups – has become incredibly difficult. The typical tabletop exercise lasts three or four hours but could be even longer depending on the scenario being played out and the amount of preparation done ahead of time.
Facilitators must be even more engaging and do their best to keep track of all participants, making focus and attentiveness from participants critical. Success requires the all-important trait of remaining adaptive, as hackers are always increasing their abilities. In just the last year, and seemingly unrelated to COVID-19 changes, ransomware attacks have evolved from focusing mostly on data encryption to regularly involving data exfiltration, making data exposure a more important issue to consider.
Hackers still target weekends, so remote exercises remain relevant
Hackers are sticking with one action that has largely worked: attacking when an organization’s guard is down, which often means on the weekends or around holiday periods. Ironically, this makes the remote tabletop exercise a truer simulation of how things normally play out in a data breach, with stakeholders responding and coordinating remotely.
As a result, many of the pre-COVID steps that would be tested in a tabletop exercise remain applicable. The first of those steps is the creation of a cyber response playbook, which sets out a timeline of events and outlines who is responsible for what in the event of a breach. The team should include corporate counsel, HR, IT, public relations, and customer-facing departments such as account directors or call centers. Those individuals must be part of any tabletop drill as bringing them all to the table ensures each stakeholder understands their role and more importantly can reveal how various personalities may affect the breach response. Too many leaders – even after years of headlines about high-profile cyber incidents – continue to relegate cybersecurity drills to the IT department. However, it remains as important as ever to not only conduct drills with the right people but also to learn and adapt from what comes out of each drill.
Your organization is ready for a tabletop exercise
It’s important to consider the frequency of tabletop exercises. Best practices dictate that they be conducted at least once a year, or after a major event – like a big acquisition or disposition – that prompts broad operational changes. There is an argument, however, that every organization has gone through broad operational changes in the past several months. They’ll also face more in the coming months as a new normal emerges, meaning the time is right now for any business to undergo a thorough tabletop exercise.