With cyber threats continuing to escalate, a low-cost tool that should be in every arsenal is the tabletop exercise (TTX). TTXs can greatly improve security posture, reduce incident response times, expedite recovery and minimize overall impact from a security incident. Yet, in many businesses, the term remains obscure, even ominous. We’ll break it down for you in easy-to-understand language and provide some free resources to get started.
What Are Tabletop Exercises?
Tabletop exercises are discussion-based sessions where executive leaders, security teams, IT teams, and even business teams meet in an informal setting to talk through roles, responsibilities and action plans during an emergency situation. Although TTXs can be conducted virtually, in person meetings help to better facilitate discussions and build rapport with team members.
Participants simply need to come willing and open to discussion. The organizers of the session will come prepared with specific scenarios and will facilitate the discussion. Scenarios will often include situations such as a ransomware attack, data center or network outage, or other catastrophic event that interrupts a company’s ability to conduct normal business operations.
Why Are Tabletop Exercises Important?
It is human nature for panic to set in during a difficult and unexpected situation. Panicked individuals respond in unpredictable and unreliable ways. Tabletop exercises offer an opportunity to think about tough situations in advance, develop a plan, and in effect, practice dealing with the unexpected and uncomfortable event before it occurs.
The age old saying, “practice makes perfect” absolutely applies to cyber-attacks. Situations are less daunting when they have been discussed in advance, helping employees and leaders to know how to respond appropriately. TTXs serve as a rehearsal for dealing with an unexpected situation. A measured and controlled response will always result in a better outcome as compared with panic and mayhem.
Although useful for any type of emergency, tabletop exercises have proven particularly useful in educating and preparing employees and leaders to deal with, and in some cases even avoid, cybersecurity attacks. A post from Infosecurity Magazine suggests that having an incident response (IR) team with a regularly tested response plan (including TTXs) can reduce the cost of a data breach by as much as 60%.
TTXs allow an organization to test its response plan and identify any flaws or gaps in the plan before a real emergency. They also help to determine roles and responsibilities during the emergency and identify individuals to fill each role, avoiding overlap and competing priorities, while setting a clear chain of command.
Are There Free TTX Resources Available?
The short answer is, yes! There are numerous free TTX resources available from reputable sources that can add value to your organization. One of the best resources available is from the Cybersecurity & Infrastructure Security Agency (CISA) administered by the federal government. This site includes free downloadable packages for different types of scenarios across different industries and sectors.
The Center for Internet Security also offers free downloadable tabletop exercises that can be self-administered. These exercises are a bit smaller than those offered by CISA. Many can be completed in as little as 15 minutes, though it is highly recommended to spend significantly more time in discussion in order to receive the maximum benefit.
These free resources can serve as either a good starting point for organizations just beginning to explore the value of tabletop exercises, or as a yardstick to measure the completeness of existing cybersecurity plans.
What’s the Catch?
Free resources can be a great starting point. However, without experienced individuals that have successfully led organizations through these types of incidents, the paper exercises may be lacking substance or realism. Like anything, it’s easy to underestimate the time, cost, and impact of something unfamiliar.
For example, have you ever looked at a video online to learn how to repair something or do something you’ve never done before?
Inevitably, the video will leave out particularly challenging steps or critical items required to complete the task. Or, the video will be lacking enough detail to complete crucial steps, leaving the viewer scratching their head and unable to complete the task.
Tabletop exercises are no exception. Without experienced security practitioners to lead the TTX, it’s likely the maximum value received by an organization will be limited. There is no substitute for experience when it comes to responding to cybersecurity incidents.
How Can Black Kilt Help?
Our seasoned security professionals have the experience required to effectively plan and lead your tabletop exercises. Our practitioners have lived through, responded to, and helped clean up from some of the largest security breaches in history. There is no substitute for experience. Give us a call today to help you plan your next tabletop exercise.
