Tabletop Exercises: What They Are & Why You Need Them

  • Team Omega
  • December 1, 2022

The frequency of cyber attacks has increased in recent years and attackers are continuing to develop creative ways to compromise systems across the globe. In an interview held by World Economic Forum’s Strategic Intelligence, Accenture’s managing director says to prepare for attacks is to “drill, drill, drill so that people get their roles and they can have the muscle memory that allows them to kick into action.” However, what are these exercises and what would a cyber security tabletop exercise look like? In order to properly incorporate tabletop exercises into your organization’s security strategy, you need to know what they are and why your company needs to implement them.

What Are Tabletop Exercises in Cyber Security?

Safety drills are common across all industries for a variety of reasons, so why shouldn’t cybersecurity teams have their own drills and exercises to prepare for a cyber emergency like a breach or similar incident. These fire drills, more commonly known as tabletop exercises, are events designed to simulate a threat commonly seen in a real-life event to test the preparedness of a team or company. In these exercises, all the appropriate parties go through the necessary steps to identify, react, and respond to a malicious actor attempting to compromise the system.

While there are a variety of exercises you can run, one of the standard cyber security tabletop exercises is one called a “purple teaming exercise.” This consists of a “red team,” the simulation of threat actors that act within a predetermined attack scope, and a “blue team” made up of members of the internal security team. The blue team’s job is to respond and defend against the red team’s actions in a combined effort to find any potential holes within an organization. This tabletop exercise can be a pre-planned event, or it can be announced suddenly to test how team members will react under pressure, depending upon the needs of your organization.

The Purpose of a Tabletop Exercise

As with other safety drills, a tabletop exercise is conducted in order to both assess your cyber security posture and your team’s readiness to respond to an incident. These exercises can focus on responding to a specific type of threat, like phishing, ransomware, or an internal attack, or they can focus on response time or cross-department cooperation and communication.

Additionally, while tech and security professionals are typically keeping a breach top of mind, these exercises can also test the strategy and preparedness of other departments’ employees (i.e., sales, executives, etc.). A tabletop exercise is a great way to see where your holes are and what measures need to be taken to be better adapted to respond to a real-life potential breach.

Who to Include in Your Tabletop Exercise

In a tabletop exercise, it can be easy to leave out some key individuals because you’re not responding to a real incident. However, if you were to notify or involve a particular person or position in the event of a breach, then you need to include them in your exercises. While tech positions and middle managers may be in charge of remediation efforts, executives and applicable third parties that will have a role in communicating the breach to those affected or to media outlets will also need to be present for a portion of each exercise.

Common Mistakes to Avoid

A exercise is only worthwhile when conducted properly, so here are a few of the mosts common mistakes often made in tabletop exercises that can derail the process:

  • Not having a strategy to your exercise (i.e., not having a particular attack plan ready)
  • Not setting parameters for your attacking team
  • Forgetting to include the proper people at necessary times during your exercise
  • Excluding departments that are at risk for phishing or other social engineering attacks
  • Not using your results to further improve your response plan for the future

The best tabletop exercise you can implement is one that is tailored to your organization’s unique needs and the threats you face most often, so continue to tweak your strategy accordingly as new threats and technology emerge.

Whether you’ve recently held a tabletop exercise and need help updating your response process or you’re in the early stages of revamping your cybersecurity approach, it’s time to consider managed security services to help you increase your security. At Omega ATC, we can assist you with conducting tabletop exercises, provide you with a variety of security solutions customized to fit your needs, and train your employees in cybersecurity awareness in response to your exercise results. Contact us to get started and learn more today.