September 2020 | Point of View

How tabletop exercises and cyber threats have changed since COVID-19

How tabletop exercises and cyber threats have changed since COVID-19

With COVID-19 forcing millions around the world to work remotely, the workplace looks almost nothing like it did a few short months ago. But while organizations have adjusted well to the realities of the virtual labor force, many business leaders are now working to grapple with a new set of cybersecurity risks.

That’s why it’s critical – especially during a pandemic – to prepare for cyber incidents with the right plans and the right tests for those plans. The best way to do that is through tabletop exercises, where organizations go through simulated stress tests to prepare for an effective and efficient response to a security incident.

Here’s what leaders need to know about deploying these in the current environment.

What tabletop exercises look like post-COVID

Pivoting to near-universal work from home has opened new areas of risk. Business and IT leaders certainly have become more adept at managing cybersecurity for remote workers since the frenzy of March and April. But the fact that most employees continue to work remotely and will – in some capacity – for the foreseeable future, challenges exist in facilitating tabletop exercises.

Getting the right stakeholders in a room remains a critical aspect – this includes application owners, system admins, and customer-facing team members – but these rooms have now gone virtual, making it easier for some participants to remain quiet or disengage entirely without those conducting the exercise knowing so. It also means that one standard part of tabletop exercises – breaking into smaller subgroups – has become incredibly difficult.

The typical tabletop exercise lasts three or four hours but could be even longer depending on the scenario being played out and the amount of preparation done ahead of time. Facilitators must be even more engaging and do their best to keep track of all participants, making focus and attentiveness from participants critical.

Success requires the all-important trait of remaining adaptive, as hackers are always increasing their abilities. In just the last few months, and seemingly unrelated to COVID-19 changes, ransomware attacks have evolved from focusing mostly on data encryption to regularly involving data exfiltration, making data exposure a more important issue to consider.

Hackers still targeting weekends, so remote exercises remain relevant

Hackers are sticking with one action that has largely worked: attacking when an organization’s guard is down, which often means on the weekends or around holiday periods. Ironically, this makes the remote tabletop exercise a truer simulation of how things normally play out in a data breach, with stakeholders responding and coordinating remotely.

As a result, many of the pre-COVID steps that would be tested in a tabletop exercise remain applicable. The first of those steps is the creation of a cyber response playbook, which sets out a timeline of events and outlines who is responsible for what in the event of a breach. The team should include corporate counsel, HR, IT, public relations, and customer-facing departments such as account directors or call centers.

Those individuals must be part of any tabletop drill as bringing them all to the table ensures each function understands their role and more importantly can reveal how various personalities may affect the breach response. Too many leaders – even after years of headlines about high-profile cyber incidents – continue to relegate cybersecurity drills to the IT department. But it remains as important as ever to not only conduct drills with the right people but also to learn and adapt from what comes out of each drill.

Tabletop exercises have gone virtual, making it easier for participants to remain quiet or to disengage, thus reducing the effectiveness of such preparations.

Your organization is ready for a tabletop exercise

It’s important to consider the frequency of tabletop exercises. Best practices dictate that they be conducted at least once a year, or after a major event – like a big acquisition or disposition – that prompts broad operational changes.

There is an argument, however, that every organization has gone through broad operational changes in the past several months. They’ll also face more in the coming months as a new normal emerges, meaning the time is right for any business to undergo a thorough tabletop exercise.


This article originally appeared in CPO Magazine.

Explore our latest perspectives