Sese Bennett, guest blogger
There’s no arguing that technology is evolving and shifting the way businesses operate. In the past five years, we’ve seen almost every conceivable industry transition to a digital-first approach. During that same timeframe, we have also seen a huge spike in the number of security incidents and related breaches. Most recently, healthcare, retail and financial institutions have been hot targets for high profile incidents and will continue to be in the immediate future. So, the question is not if an organization will be the victim of a major security incident, but rather when will it occur and how will they respond?
While the digital-first approach provides incredible benefits, it also creates new challenges when it comes to protecting and managing data. In this digital world, cyber attackers are constantly looking for new ways to find cracks in the security controls implemented by security professionals and given enough time and resources, the bad guys will eventually achieve at least some measure of success. Therefore, IT professionals must constantly transform, evolve and upgrade their security programs to protect their business against the latest threats and their associated consequences.
Taking a more strategic approach to your security program requires a proactive stance against potential threats. One of the most valuable ways you can evolve your organizations proactive capabilities is to prepare for the inevitable security incident by conducting incident response tabletop exercises.
Incident response tabletop exercises are a low-cost scenario based approach to ensure your business is prepared to respond to the same type of incidents you hear about in the news. Here are a few practical ways a tabletop exercise can help your business be more proactive and responsive when it comes to managing your security program.
Evaluate Your Incident Response Plan. More than likely, your company spent countless hours and resources putting together your official incident response program. But when the rubber meets the road, the real value of the plan is measured by how effectively you are able to respond to a potential threat? Testing will enable you to identify the specific areas in which your program is strong as well as document those portions of your plan that need updating. By utilizing a tabletop exercise to test your plan, you can ensure it is actionable and valuable if an actual incident occurs.
Simulate Potentially Stressful Situations Before They Happen. If your company’s data was being held ransom for a Bitcoin payment of $100,000 or risk it being leaked to the dark web in an hour, how would you respond? Have you considered whether you would pay the ransom or refuse the ransom and deal with recovery of your data in another way? Do you have specific company policy and procedure in place for ransomware attacks and have those procedures been vetted and approved by executive leadership? If you do decide to pay, do you have a Bitcoin account in place that you can use? How will you communicate your decision to pay (or not pay) to your stakeholders, customers and the media? These are just a few of the questions that can be considered during a tabletop exercise for just this one incident response scenario. As you can see, these can be incredibly difficult decision to make in the heat of a incident, so advanced preparation is vital. A tabletop exercise helps you simulate those types of situations so you can practice making these types of decisions beforehand when the situation is not critical.
Identify How Much a Breach Would Impact Your Entire Organization. As IT professionals, we all know that the impact of a data breach goes beyond the IT department. But do the other stakeholders within the organization know how a breach would materially impact their area of the business? A tabletop exercise allows you to bring together disparate areas of your business including legal, IT, corporate communications, human resources, security and marketing into a controlled environment where the impact of a breach can be identified, measured and remediation efforts discussed. This is also an excellent opportunity to highlight the importance of a shared responsibility model so that all involved can see why it’s valuable to do their part when it comes to protecting the data of the organization and responding to any potential breach of security.
Test Your Ability to Communicate Effectively. As anyone that has ever been involved in a security incident will tell you, a security incident is not just about the loss of data. It also involves the impact the incident has on the organization’s reputation and in some cases – its value. This emphasizes the importance of using a tabletop exercise to test the effectiveness of the communication process throughout all phases of an incident. This includes communications to internal teams, external third parties, employees, executive management, and media outlets. Effective communications are communications that are timely, accurate and at a level providing useful information to all parties involved, including those involved in remediation efforts or impacted as clients or customers.
Interested in Being More Strategic with Your Security Program This Year?
If you’re interested in taking a more proactive, strategic approach to security management this year, I’d encourage you to check out our recent podcast on the value of incident response tabletop exercises. You can also download the latest volume of BREACH: A Guide to Network Security Best Practices to learn how tabletop exercises can fit into your overall security program and approach.
If you’re interested in more details about how our team at LBMC can help you facilitate a tabletop exercise, you can contact us here anytime.