As first noted by Benjamin Franklin, “failing to prepare is preparing to fail”. This quote rings no truer than in the world of cybersecurity. Our adversaries are working hard using innovative and unconventional methods in the deep underworld of the dark web, and other forums, to identify ways in which they can penetrate our defenses and steal our data. These threat actors thrive in a world of confusion and chaos that often exists when organizations have not undertaken the necessary work to prepare for inevitable cybersecurity events.

Whether your organization has the most robust and heavily fortified solutions or is just starting out on your cybersecurity vendor journey, a coordinated and documented approach to preparation is the best first line of defense for when the worst day of your career in IT eventually occurs. 

Understanding Cybersecurity Tabletop Exercises

Cybersecurity tabletop exercises are simulated cyber incident scenarios that organizations run to evaluate their response capabilities. These exercises are similar to fire drills. During a tabletop exercise, key personnel from various departments such as IT, Legal, Human Resources, and Communications come together to walk through a hypothetical cybersecurity incident, discussing how they would respond at each step while trying to also identify how they would resume critical business operations at the time of an outage, and communicate with their stakeholders. 

These exercises not only help identify gaps in an organizations incident response plan but also foster a culture of cyber awareness and preparedness across the organization. Participants get a clear understanding of their roles during an actual cyber incident, which can significantly reduce response times and mitigate damage in a risk-free and low-stress learning environment – two key factors that are not present during a real event.

The Role of Business Continuity Planning in Cybersecurity

While cybersecurity tabletop exercises prepare teams for an immediate response to incidents, business continuity plans (BCP) ensure than an organization can maintain or quickly resume mission-critical functions amid a cyberattack. A robust BCP outlines procedures and instructions an organization must follow during these disasters, including moving operations to alternate locations, leveraging backup systems, and activating communication plans to manage external relations. 

An effective BCP is comprehensive and considers not only IT infrastructure, actions, and responsibilities, but also people and processes across the organization and how these components must interact with each other to ensure the continued flow of information and productivity due to a cyber-induced outage. These plans should contain detailed instructions on how to resume business operations, generally though a variety of manual methods, key personal contact information of various incident response leads (for when business systems are not available) and should be stored securely offsite in offline physical mediums. Following these BCP guidelines helps to ensure business operations can continue and the right participants can be assembled, following a plan that is still accessible when systems are offline. 

Incident Response Plans as a Blueprint for Tabletop Exercises 

Tabletop exercises when they are designed against an incident responses plan, to further evaluate the effectiveness of an organization’s preparations, and identify opportunities for improvement. Incident response plans are detailed roadmaps designed to guide organizations through the process of detection, responding to, and recovering from cyber incidents. These plans outline specific steps to be taken at the time of a cyber incident including: 

  • Immediate Actions: Procedures for containing and mitigating the impact of the breach to prevent further damage. 
  • Communication Protocols: Guidelines on communicating the breach internally within the organization and externally to stakeholders, customers, and, if necessary, the public. 
  • Analysis and Investigation: Techniques for analyzing the incident to understand its scope, origin, and impact, and for gathering evidence for potential legal actions. 
  • Recovery Strategies: Plans for restoring affected systems and data to resume normal operations, and for reviewing and updating security measures to prevent future incidents. 
  • Post-Incident Review: A thorough debriefing process to assess the response’s effectiveness and to identify lessons learned and areas for improvement. 

Incident response plans give organizations the guidance on how to technically respond to cybersecurity events while business continuity plans provide the clarity on how to resume critical business tasks amid chaos. These assets used in tandem with cybersecurity tabletop exercises form the trifecta non-tooling related cybersecurity preparations. Consistent and whole of organization iteration on these resources will enhance your cyber resilience and overall cybersecurity posture. 

Windsor-Essex Responds to the Regional Cybersecurity Imperative 

Organizations across Windsor-Essex are meeting the cybersecurity preparation mandate. With the support of Connecting Windsor-Essex, the County of Essex and Conseil scolaire catholique Providence, among others, have hosted cybersecurity tabletop exercises to battle-test their incident response and business continuity plans. Throughout these exercises, participating organizations have been able to identify communication, process, and technology opportunities that have made them more cyber resilient. They, and others, leverage CWE across different areas of focus including incident response planning, tabletop resources, high-level cybersecurity assessments, and business continuity planning.


Conseil scolaire catholique Providence after their successful tabletop exercise with CWE

CWE continues to work with our stakeholders to build custom incident plans and run realistic onsite scenarios to ensure our region is prepared for what is to come and we see a future where this knowledge is shared with our broader CWE membership and business community as a whole.