Mastering the tabletop: 3 cyberattack scenarios to prime your response

Questions to think through during the tabletop include:

  • How long does the organization keep backups?
  • How long does it take to restore from backups, and has that process actually been tested?

The tabletop also invites discussions around how the organization is prepared to respond to the discovery of unauthorized administrative activity, who would be notified, and how.

Helping security teams think of everything that needs to be done

The point of the exercise is to force security teams to consider what resources incident response requires and what processes might be invoked to mitigate the impact of malicious activity stemming from an insider threat.

There may also be a need to contact law enforcement and to document the incident thoroughly enough to legally pursue the attacker and hold them accountable for the malicious activities.

Scenarios like these can and often do play out: former employees become frustrated with a former employer and look to use the insider information they are privy to in an attempt to compromise or harm the organization technically, financially and reputationally.

Organizations need to have comprehensive plans and processes in place to halt malicious activities, mitigate the impact, respond to and recover from the incident and legally pursue the insider to hold them accountable for their actions.
