Do's and Don'ts from over 100 cyber tabletop exercises

Date: 15 April 2021

Cyber tabletop exercises are the flavour of the season in the world of IT security. The COVID-19 pandemic has exposed vulnerabilities in the security infrastructure of businesses across the globe. It has also, interestingly, pushed the world into a whole new level of digitization, further increasing the risk perimeter of businesses across industries. Both these factors have made testing of cyber incident response capabilities more vital than ever before. 

Running successful tests of cyber incident response plans has become increasingly vital for organisations as they wholeheartedly embrace the COVID-19 digitisation. Further, regulatory authorities the world over, such as, the Monetary Authority of Singapore have emphasised the importance of conducting regular scenario-based cyber exercises for financial institutions in the recently revised Technology Risk Management guidelines 2021.

In the Middle East, Saudi Arabian Monetary Authority, Qatar’s Central Bank and the National Electronic Security Authority of UAE already have regulations in place that mandate regular business continuity testing and cyber tabletop exercises to evaluate the efficacy of Cyber Incident Response Plans, especially for businesses operating in sectors of critical national infrastructure.  

Many organisations for whom it is not a regulatory requirement to conduct such exercises continue to do so as they understand that it’s the best way to ensure a certain degree of preparedness in case of a crisis. Such exercises help all stakeholders understand the risks their organisation is exposed to, the kind of scenarios that they may need to confront and what their roles and responsibilities will be when a crisis occurs - yes, when and not if!       

So, now that we know how important it is to conduct regular cyber crisis tabletop workshops and exercises, it brings us to one vital question - how to ensure that the exercise you do conduct is actually effective and serves a purpose. 

The CEO and Co-Founder of Cyber Management Alliance, Amar Singh, who is also one of the world’s most experienced and renowned facilitators of cyber tabletop exercises recently shared some Do's and Don’ts for successful tabletop exercises. Here’s a look at what he had to say: 

1.  Consider using an external specialist. It makes a massive difference in terms of the effectiveness of the exercise and the outsider’s experienced perspective that you gain. To know more about why you should get an external practitioner to conduct your cyber tabletop exercise, read this blog.  
    
2. Making Virtual Sessions a Success: In the pandemic-stricken world, it is still unlikely that you’ll be able to host an exercise on-premises. For a seamless virtual session, says Amar, do the following: 
   
   - Announce (apologise in advance) that you may interrupt anyone and it will be for time-related reasons only.
   - All attendees MUST switch on their Cameras & use Chat to communicate. This ensures active participation by all and keeps the session lively and engaging. 
   - Avoid introductions - They are a waste of time. Since the exercise will be conducted within an organisation, chances are everyone will know each other already. 
   - On-time attendance: Insist all attendees join 10 minutes early.
   - Observers: An absolute must - The ones who, yup, observe and take notes are extremely vital to the success of a cyber tabletop workshop. 
   - Call out individual names & ask them questions. Again, this ensures that everyone participates and stays zoned in.
    
3.  In general terms, here are some Do's and Don’ts for effective cyber exercises in 2021:  
   
   - Stop focussing on Phishing - It's boring and lazy.
   - Try to know each attendee & their function/role.
   - What is the objective of the exercise? Training, Testing, Fun, What? Start by defining this at     the onset. 
   - Don't 'Death by PowerPoint' the audience. Please. Make sure the exercise is engaging and interactive. Powerpoint never saved an organisation from a cyber-attack. 
   - Advantages of external hosts (yes like, Cyber Management Alliance) include outsider influence & ability to engage and interact;
   - Don't get all SCI-Fi in your story/scenario BUT avoid the obvious.
   - Injects - make them real & relevant.
   
    

Is your curiosity further piqued after reading these Do's and Don’ts. Do you want greater details on how to conduct an effective cyber tabletop exercise? Read our detailed blog here. Or do you want to know if remote cyber exercises are right for your organisation? Read more here. 

At CM-Alliance, we have the expertise, the experience and requisite skills to support you in hosting a productive and effective cyber crisis tabletop exercise. We work with you on planning, creating scenarios, producing the scripts and artefacts and running the actual workshop. We can run a complete  cyber tabletop exercise virtually using Zoom, Microsoft Teams or Google's Meet. 

Importantly, we will present you a formal audit report of the exercise that provides you with important data including a cyber breach-readiness score that provides a good indication about how ready you are to respond to a specific cyber-attack scenario.