Tabletop Breach Exercises for Leadership Teams
Valuable lessons can be learned from performing tabletop breach exercises and help improve the response to your organization’s next data breach. A tabletop breach exercise will simulate a breach incident and will determine if your technical and leadership teams are ready to respond to and handle a breach.
What does a tabletop breach exercise look like?
A tabletop breach exercise will include leadership roles within the organization that would be involved in an actual cyber breach. The exercise will start with a common, realistic scenario and ultimately demonstrates what to expect when a real breach occurs.
Sample breach scenario:
The CEO of a large financial company receives an email directly to his corporate email address demanding that $20 million be deposited into a cryptocurrency account within 48 hours. If the CEO does not send the money, the cyber criminals will release private information from the network to the public. Since receiving the email, the organization’s databases have gone offline and their data has been discovered online. This data has been classified as personal identifying information (PII) and can cause the organization a lot of trouble. The security team has been trying to mitigate the incident for two hours now, this will be where the tabletop breach simulation starts and runs for the next four hours. Over the course of the four hours you will discover that you come across a lot of questions that will need to be addressed. It is important to determine at what point you alert your stakeholders and board members, when you should shut down the systems, and when to alert the public for a press release. This scenario and questions asked will help you learn and improve the process involved with a real cyber breach. You can expect to have a plan in place that assigns the proper roles and what decisions need to be made during the course of the breach incident.
What Will the Leadership Team Uncover?
- Points of failure discovered during the simulation
- Does everyone understand their roles?
- Does the chain of command have any gaps leading to communication issues?
- Who are the key decision makers and are decisions being made in a timely manner?
- How involved is the executive leadership?
During these unexpected times of crisis, it is imperative that organizations define roles. When money, data, and reputation are on the line there shouldn’t be any time wasted determining who is responsible for what, when they need to take action, and in which order. The more simulations acted out will help uncover more exposure and lead to improved reaction time and less damage. Now that your simulation is complete, it is important to discuss what went well and where improvements need to be made. You also need to update your business continuity plan with the improvements needed to move forward. An organization’s response to a breach can be the difference between the success or failure of that company. Contact us to learn more about our tabletop breach exercises and learn how to prepare an incident response plan.