Are Tabletop Exercises Still Relevant for Modern Cybersecurity?>
Info Sec Magazine – Dotan Nahum
Tabletop exercises, also known as cybersecurity tabletop exercises (TTX), are a valuable tool for testing an organization’s preparedness for cyber attacks and improving incident response (IR) plans.
They allow organizations to assess the effectiveness of their IR plans, facilitate teamwork and collaboration, and provide simulated training for personnel.
While technology can be helpful, it cannot replace the role of tabletop exercises in enhancing communication, collaboration, and identifying deficiencies in IR plans.
However, planning and conducting TTX can be challenging, time-consuming, and expensive.
The cost of an average tabletop exercise can range from $30,000 to $50,000, and designing exercises that accurately simulate real-world cyber attacks requires significant effort.
Additionally, information security teams are often understaffed, underfunded, and underskilled, making it difficult to engage them in make-believe scenarios.
To leverage tabletop exercises effectively in 2023, organizations can follow these tips:
1) Designate a Leader: Appoint a head of TTX within the team to ensure continuity, ownership, and responsibility for investigating scenarios, tools, and services related to running TTX.
2) Divide and Conquer: Instead of conducting lengthy and complex TTX with all stakeholders, break them down into shorter sessions or scenarios that can be scheduled more easily.
This approach allows for targeted training and the simulation of specific attack events over time.
3) Employ AI: Leverage generative AI and tools like ChatGPT to create realistic scenarios, automate attack simulations, and analyze the results, enhancing the effectiveness and efficiency of TTX.
4) Make it Continuous: Instead of conducting TTX annually, establish a continuous process with frequent and shorter sessions.
This approach helps create a cybersecurity culture within the organization and keeps the participants engaged.
Running multiple TTX scenarios concurrently, focusing on different aspects of the attack chain, can also be beneficial.
In summary, tabletop exercises remain relevant for optimizing incident readiness as long as humans play a role in cybersecurity.
By designating a leader, breaking down exercises, employing AI, and making TTX a continuous process, organizations can make the most of TTX in 2023 and beyond.
Link: https://www.infosecurity-magazine.com/opinions/tabletop-exercises-relevant/