Cybersecurity and Fraud Protection
How tabletop exercises can improve incident response
An introduction to tabletop exercises and how organizations can begin practicing for cyber preparedness.
An introduction to tabletop exercises and how organizations can begin practicing for cyber preparedness.
The cyberthreat landscape is constantly evolving, with a mix of advanced nation-state actors and cybercriminals targeting organizations of all industries and sizes. While their intentions and motivations may differ, many of their methods of attack are similar and well-publicized: social engineering, phishing, business email compromise and ransomware, to name a few of the most common vectors.
In fact, according to the FBI’s Internet Crime Complaint Center (IC3), there were 3,729 complaints identified as ransomware in 2021, resulting in adjusted losses of more than $49.2 million. These tactics continued to develop throughout the last year, demonstrating an increased threat to organizations globally—and the need for companies to keep pace with the evolving threat landscape.
That’s where cybersecurity tabletop simulations come in.
A tabletop simulation is a scenario-based discussion that’s meant to simulate the various stages of an attack. These cybersecurity exercises can play a vital role in organizational preparedness by increasing awareness of cyberthreats, validating response plans and procedures, and identifying capability gaps within an organization.
“These incident response simulations are a cost-effective method that can provide a lot of value to an organization,” said Adam Bulava, Global Head of Attack Simulation for JPMorgan Chase. Simulations bring together all the relevant stakeholders from information technology and cybersecurity to human resources, media relations, sales, and other middle- and back-office staff—people that don’t interact much under normal circumstances.
Getting started
A well-designed tabletop simulation can provide a low-risk environment to familiarize key personnel with roles and responsibilities, stress test plans and foster collaboration across core functional areas of an organization.
Begin by forming a simulation planning team within your organization that will be responsible for the design, execution and evaluation of the tabletop. This team should meet regularly to determine exercise objectives, create a realistic scenario, develop supporting documentation, identify participants, manage logistics and synthesize findings for documentation in a formal after-action report (AAR).
Organizations that are new to these simulations can leverage pre-made templates and guides to help ease into the process. A guide with additional resources for small and midsize businesses is available through the Cybersecurity and Infrastructure Security Agency.