Tabletop Cyberattack Exercises: What, Why, How?

  • Tabletop cyberattack exercises are a powerful means of assessing an organisation’s preparedness for a potential attack or breach, giving key stakeholders across the business a chance to test their responses.  
  • Because tabletop exercises are conducted in safe, controlled conditions, they’re a good opportunity to battle-test a company’s cyberattack measures without the associated risks. 
  • These exercises don’t just help reinforce response tactics, but also highlight any potential gaps which may otherwise have gone unnoticed.  

Introduction 

Have you ever heard of the “model” United Nations? 

During a model UN session, a group of people play the role of the key nations in the UN and play out what each representative’s real-world responses might be. These exercises are a useful way to explore potential crisis responses without putting anybody at risk.  

But did you know something similar exists for your organisation’s cybersecurity defence strategy? 

Known as cyberattack tabletop exercises, these sessions give your business the opportunity to test out responses and identify opportunities for improvements to your strategy.  

Let’s take a closer look at the what, why, and how of cyberattack tabletop exercises.  

What is a Cyberattack Tabletop Exercise? 

Just like the model UN example above, a cyberattack tabletop exercise is used to simulate and analyse the consensus response to a cyberattack on your business.  

  An exercise like this is a collaborative, strategic session which brings together the primary stakeholders from across your business—essentially anyone who would need to be included in a real crisis response. Cyberattack tabletop exercises are hosted by a nominated facilitator, who also devises the particular crisis at the centre of the session; all participants then sit and discuss their hypothetical response.

A cyberattack tabletop exercise presents challenges, potential attack vectors, and consequences, giving all participants a chance to analyse and develop an answer to the question, “What would I do?” 

The ultimate goal of a cyberattack tabletop exercise will naturally differ from one organisation to another, but common outcomes include: 

  • Battle-testing the effectiveness of your existing incident response plans and procedures. 
  • Identifying communication gaps and enhancing co-ordination among different teams. 
  • Assessing the organisation’s ability to detect, contain, and mitigate cyber threats. 
  • Improving collaboration and understanding among your IT support team and other key stakeholders in your business.  
  • Enhancing the organisation’s overall cybersecurity preparedness. 

Why would an organisation host a Cyberattack Tabletop Exercise? 

Next, let’s look at the “why” of this type of exercise—just why are they valuable compared to simply putting cybersecurity protection measures in place and leaving them to it? 

There are a number of reasons that these exercises can provide far more than simple mitigation, including: 

  • Verify how prepared your business really is for an attack. It’s easy to assume that you have everything covered as an organisation: that your cybersecurity systems are all set up and nothing can get through. This may be true, but it’s still vital to test that assumption in a safe manner—and that’s where cyberattack tabletop exercises come in very handy.
  • Build your employees’ resilience and preparedness. Tabletop exercises provide an opportunity for employees to gain hands-on experience and training in dealing with cyberattacks. They allow participants to understand their roles and responsibilities during a cyberattack crisis and familiarise themselves with exactly what to do should the worst happen.
  • Improve cross-team collaboration in a crisis. Not many of us know how we’d react in a crisis until it happens, so assumptions can often be wrong. Learning this in the middle of a cyberattack isn’t exactly the best timing, especially when loss mitigation relies on multiple teams communicating clearly and effectively. A tabletop cyberattack exercise gives your teams the chance to practise their collaboration in a crisis—without the associated risks.
  • Improve risk recognition and mitigation. One of the core reasons to host tabletop cyberattack exercises is that they help your team recognise cyberattack risks more readily and mitigate the damage they can cause. Identifying potential vulnerabilities, risks, and threats within your systems early is a powerful way to improve your overall cybersecurity defence.

How does a Cyberattack Tabletop Exercise play out? 

Despite being akin to a game, there’s no strict rulebook when it comes to cyberattack tabletop exercises.  

That said, here’s a quick step-by-step of how you could plan and execute a session like this: 

  • Step 1: Define your objectives. Prior to the tabletop session, the facilitator should clearly outline the goals of the exercise. If there are specific areas of your incident response plan you think need work, now’s the time to bring them up for discussion. 
  • Step 2: Develop your scenario. The next step is for the facilitator to create a realistic cyberattack scenario tailored to your organisation’s industry and predicted areas of weakness. Here’s where you might want to bring in specific attack vectors such as phishing emails, malware, or insider threats. 
  • Step 3: Choose your participants. Next, ask yourself who in your organisation—perhaps department heads or other key stakeholders—should have a place at the table, so to speak. Who would you rely on in a real cyberattack scenario? Whoever they are, be sure to invite them to the tabletop session.  
  • Step 4: Prep your materials. With the scenario planned out, the facilitator will need to prepare all necessary materials, including the scenario brief, response plans, and any additional resources or reference materials, for use during the session.
  • Step 5: Conduct the exercise. Choose a suitable location, such as a board room or large meeting room, then have the facilitator present the scenario. You can host tabletop exercises like this remotely, but in-person tends to be the way to get the best results out of a team. Participants should be encouraged to engage in active discussion and decision-making to accurately simulate responses to the cyberattack in real time. 
  • Step 6: Discuss and analyse. Once the exercise has concluded and the fictional cyberattack has been successfully mitigated, it’s a good idea to hold an open discussion with participants about how they felt things went, any insights they discovered, and any areas of weakness or potential improvements. This is really where you’ll get the most value from a tabletop cyberattack exercise, so don’t be afraid to dive deep.   
  • Step 7: Put your learnings into action. Of course, holding a session like this doesn’t make sense unless you do something with the insights you unearth. Following the discussion and documentation of what was learned, put a plan together with any remedial action required to improve your cyberattack response. 

If you’d like more details about how to plan, launch, and assess the success of tabletop cyberattack exercises for your organisation, just drop a line to your Get Support account manager.
