Our cyberattack simulations can help you identify problems in your emergency response protocols or build them from scratch.
Disasters can strike your organization at any time. Just ask the United Kingdom’s National Health Service. On May 12, 2017, nearly a third of all trusts within the NHS were infected by the WannaCry ransomware virus, throwing the UK’s healthcare system into chaos. Such incidents highlight the critical need for preparedness, not just as a best practice but as a regulatory requirement. Under HIPAA regulations, conducting an annual tabletop exercise is essential to ensure your organization’s readiness for such unforeseen events.
Hackers can decide to launch an attack they’ve been planning for months, or Mother Nature can strike and destroy your critical systems. Do you know what steps you would take during and after a significant disruption?
If your answer is “the cloud,” it’s time to reevaluate and run a cybersecurity tabletop exercise. By wargaming different threats to your organization’s data, and in compliance with HIPAA’s mandatory exercises, you can better understand your existing vulnerabilities. This will enable you to create step-by-step processes to combat and recover from these threats, ensuring your organization’s resilience in the face of adversity.
First, What is a Tabletop Exercise?
A tabletop exercise, or a “tabletop,” is a staged event where management and sometimes staff meet to discuss their actions in a specific emergency. The informal format encourages participants to explore emergency procedures, recovery plan details, standard and emergency operating procedures, and personnel resources.
Your team will select one or several likely scenarios your organization may face and explore their step-by-step reactions. A well-planned tabletop exercise can deliver insights about your organization’s weaknesses and what it needs to change to protect against a threat.
What Happens During a Tabletop Exercise?
During a tabletop exercise, your team meets to discuss their roles during an emergency. A facilitator will guide the team through one or several scenarios and help resolve issues that arise during each one.
For teams with response plans, these exercises will work through them step-by-step. The exercise will validate that your current approach addresses all issues and help identify improvement areas.
If you don’t have an incident response plan, you can develop one as your chosen scenario plays out. You can validate the process and continue improving your strategy during the next exercise.
What to Expect During a Tabletop Exercise with Us
At Skilled Cyber, we follow a specific process with each tabletop exercise designed to help your organization productively identify vulnerabilities in your disaster response plans and take steps to address them.
- We work together to set the goals, ground rules, and assumed conditions for the exercise.
- We help you choose participants representing stakeholders from each department, key vendors, and perhaps your legal and insurance teams.
- We work together to develop a disaster scenario related to your relevant threats.
- Then, we conduct the exercise for 2 to 4 hours.
- Finally, we document the exercise, discuss the results with you, and update or create your incident response plan.
Want to learn more about how we can help your organization build resilience against any threat? Download our report to learn more about our tabletop exercise services!