Taking a more strategic approach to your security program requires a proactive stance against potential threats. One of the most valuable ways you can evolve your organization’s proactive capabilities is to prepare for the inevitable security incident by conducting incident response tabletop exercises.

There’s no arguing that technology is evolving and shifting the way businesses operate. In the past five years, we’ve seen almost every conceivable industry transition to a digital-first approach. During that same timeframe, we have also seen a huge spike in the number of security incidents and related breaches. Most recently, healthcare, retail and financial institutions have been hot targets for high-profile incidents and will continue to be in the immediate future. So, the question is not if an organization will be the victim of a major security incident, but rather when will it occur and how will they respond?

While the digital-first approach provides incredible benefits, it also creates new challenges when it comes to protecting and managing data. In this digital world, cyber attackers are constantly looking for new ways to find cracks in the security controls implemented by security professionals, and given enough time and resources, the bad guys will eventually achieve at least some measure of success. Therefore, IT professionals must constantly transform, evolve and upgrade their security programs to protect their business against the latest threats and their associated consequences.

Incident Response Tabletop Exercises

Incident response tabletop exercises are a low-cost, scenario-based approach to ensure your business is prepared to respond to the same type of incidents you hear about in the news. Here are a few practical ways a tabletop exercise can help your business be more proactive and responsive when it comes to managing your security program.

Evaluate Your Incident Response Plan.

More than likely, your company spent countless hours and resources putting together your official incident response program. But when the rubber meets the road, the real value of the plan is measured by how effectively you are able to respond to a potential threat. Testing will enable you to identify the specific areas in which your program is strong as well as document those portions of your plan that need updating. By utilizing a tabletop exercise to test your plan, you can ensure it is actionable and valuable if an actual incident occurs.

Simulate Potentially Stressful Situations Before They Happen.

If your company’s data were being held ransom for a Bitcoin payment of $100,000, at the risk of being leaked to the dark web in an hour, how would you respond? Have you considered whether you would pay the ransom or refuse the ransom and deal with recovery of your data in another way? Do you have specific company policies and procedures in place for ransomware attacks, and have those procedures been vetted and approved by executive leadership? If you do decide to pay, do you have a Bitcoin account in place that you can use? How will you communicate your decision to pay (or not pay) to your stakeholders, customers and the media? These are just a few of the questions that can be considered during a tabletop exercise for just this one incident response scenario. As you can see, these can be incredibly difficult decisions to make in the heat of an incident, so advance preparation is vital. A tabletop exercise helps you simulate those types of situations so you can practice making these types of decisions beforehand when the situation is not critical.

Identify How Much a Breach Would Impact Your Entire Organization.

As IT professionals, we all know that the impact of a data breach goes beyond the IT department. But do the other stakeholders within the organization know how a breach would materially impact their area of the business? A tabletop exercise allows you to bring together disparate areas of your business including legal, IT, corporate communications, human resources, security and marketing into a controlled environment where the impact of a breach can be identified and measured, and remediation efforts discussed. This is also an excellent opportunity to highlight the importance of a shared responsibility model so that all involved can see why it’s valuable to do their part when it comes to protecting the data of the organization and responding to any potential breach of security.

Test Your Ability to Communicate Effectively.

As anyone who has ever been involved in a security incident will tell you, a security incident is not just about the loss of data. It also involves the impact the incident has on the organization’s reputation and in some cases – its value. This emphasizes the importance of using a tabletop exercise to test the effectiveness of the communication process throughout all phases of an incident. This includes communications to internal teams, external third parties, employees, executive management, and media outlets. Effective communications are communications that are timely, accurate and at a level providing useful information to all parties involved, including those involved in remediation efforts or impacted as clients or customers.

PODCAST: Incident Response Should Be Common Sense

Let’s be honest: No one wants to experience a computer security incident. That’s likely why many organizations don’t plan for one by creating incident response teams, incident response plans, or testing their capabilities. It’s also the likely reason most organizations are caught off guard when they do experience an incident. The reality is that every organization will experience an incident at some level. However, responding to an incident doesn’t have to be as complex as we often make it. It’s all about what happened, how did it happen, when did it happen, and what data was at risk? Once we have that figured out, then we can get back to what we do best.

Since incident response issues are no longer just an IT issue and can often involve legal issues, it is important for organizations to develop an incident response team, seek outside expertise, and have an overall action plan in the event of an incident. In this podcast, LBMC Information Security’s Bill Dean discusses how a complex situation like incident response can be purely based on common sense.

Listen, and discover these key takeaways:

  • Reasons why a computer security incident is something you will likely experience at some level
  • Why working through an incident does not have to be “black magic” with proper planning
  • An explanation about why an incident response plan/program is key
  • How to seek outside expertise to prepare for incident response

Subscribe to the Cybersecurity Sense Podcast on iTunes.

Interested in Being More Strategic with Your Security Program This Year?

There is no one-size-fits-all approach to information security program design. I wish I could give you a checklist saying, “Do this. Do that. Don’t do these other things.” But that’s not reality.

Just like a tailored suit or the way you prefer your coffee, information security program designs are unique. So, if you want a comprehensive, strategic program, it’s not enough to look at what other companies are doing and call that “good enough.” You must define what an appropriate security program looks like for your organization.

If you’re interested in more details about how our team at LBMC can help you facilitate an incident response tabletop exercise or you need guidance with your Information Security Program Design, you can contact us anytime.