TECH INTELLIGENCE: Cards on the table time

Some exercises that can help companies close the gap on cybersecurity

Carl Mazzanti // August 28, 2023

Small- and medium-sized businesses often have a limited cybersecurity budget — and cybercriminals realize this, which paints a target on the back of these companies. But an affordable practice called a tabletop exercise may be able to help SMBs fend off these crippling attacks.

During a tabletop exercise, SMB owners and their cybersecurity partner will get together at a convenient time – often virtually – and go over the steps that team members will take during a ransomware attack, a distributed denial-of-service (DDoS) attack (a malicious attempt to make a website, machine or network unavailable) or another threat. As part of the exercise, a facilitator will guide participants through scenarios, test their responses, and help them work out effective cybersecurity practices.

For example, what happens if a business is under attack by a threat actor but the company’s chief information officer or cybersecurity response team member cannot be reached? Is there a trained substitute?

Other tabletop exercise topics may include detailing the file- and system-access levels of specific team members; what authorities, if any, need to be notified in case of a breach or attempted breach; and how the organization will communicate with customers.

To carry out an effective tabletop exercise, the facilitator should be familiar with a wide range of cybersecurity scenarios and responses. Facilitators should also gain a deep understanding of the client business’s incident response plans and how they will be executed. A facilitator may start by developing open-ended discussion questions that encourage conversations – such as how to handle an insider threat – and will go on to provide situation updates and moderate discussions. The facilitator will also provide information or resolve questions as necessary. 

And because it is important to encourage participants to open up, management and the managed IT services provider should make it clear there are no “correct” or “incorrect” answers in a tabletop exercise. Instead, the exercise is designed to let participants learn what to do during a crisis, and they should be encouraged to challenge themselves and others respectfully. It should also be understood that it is acceptable for an individual to be unable to answer a question — the purpose of the collaborative meeting is not to point fingers, but to identify weaknesses and develop responses. Participants should be encouraged to think out loud – since this may reduce any tension – and should be motivated to support each other. The exercise should also be designed to highlight any gaps in the business team – such as, “No one is really in charge of that here” – that can then be remediated. 

The low-stress and low-cost nature of a tabletop exercise can make it easier for organizations to schedule them periodically: annually at a minimum, but preferably every quarter. After all, cybercriminals are continually evolving, so their intended victims cannot fall behind on their own planning. For SMBs, these exercises can often be completed in under an hour, although the specific duration will depend on such factors as the scenario being rehearsed, the number of participants involved, and the objectives established ahead of time.

A well-designed tabletop exercise can offer a low-cost, low-risk, and effective way for businesses to assess emergency response plans in advance — and will help individual employees to have a better understanding of their roles in an emergency. It can also provide a safe space to consider potential threats that could impact normal operations. 

For business leaders, a tabletop exercise can also provide a higher degree of confidence that key personnel are well-trained and prepared to respond to critical events, significantly improving response times and minimizing the damage from a cyber attack. At eMazzanti Technologies, we feel so strongly about this proactive measure that we would like to offer a complimentary virtual tabletop exercise over Microsoft Teams from now through the end of December 2023 to qualified NJBIZ readers whose business has 20 employees or more. For more information, please contact us at: [email protected].

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.