4 tabletop exercises every security team should run

Ensuring the enterprise is protected from vulnerabilities is a required function of security teams. It is also a practice that cyber insurance carriers expect and that many compliance requirements call for. A popular evaluation test, the tabletop exercise, lets security teams and corporate management select a threat and then walk through the process of containing and remediating it.

In a tabletop exercise, a team discusses their roles and responses during an emergency under different scenarios, typically with someone acting as a facilitator. It’s not a full-scale drill but an opportunity for stakeholders to talk through a simulated crisis.

Which ones should you choose to test? There are as many tabletop exercises as there are potential vulnerabilities. Experts recommend that tabletop exercises be run throughout the year and rotated based on a company’s risk profile. Some threats, however, tend to be on everyone’s list of risks. These are four of the most common threats for which security teams should run tabletop exercises:

1. Ransomware

No one is safe from ransomware attacks, as they are among the most rewarding for cybercriminals, who often target indiscriminately. Beyond the initial ransom demand, attackers might attempt to extort both the victim and its business partners, as well as customers of the company targeted in the original attack. A 2021 study by Cybereason noted that 80% of companies that pay a ransomware demand are hit a second time by the same attackers, sometimes with the same attack and sometimes with a follow-on extortion attempt. A 2023 study from Akamai said a ransomware victim is six times more likely to face a follow-up attack within three months.

Despite the lull in ransomware attacks in 2022, due in part to the Russia-Ukraine war and the COVID-19 pandemic, ransomware claims were up 50% in 2023 over 2022, notes David Anderson, vice president of cyber liability at Woodruff Sawyer, a national cyber insurance brokerage. This year is expected to have more ransomware attacks than 2023, he says.

During an enterprise’s tabletop evaluation of its defenses against cyberattacks, the team will be looking for ways to identify and mitigate the ransomware and any subsequent extortion attacks. Because of regulatory reporting requirements and potential legal and financial liabilities, stakeholders from outside the security function should participate. These might include legal, communications, finance, compliance, and marketing.
