Expect the Unexpected: Going Beyond Tabletop Testing
Preparing for unknown adverse events requires assumptions, interpretations, critical thinking, and planning, so that when they happen, the unexpected is avoided. When they do happen, it is impossible to know if it will be in relation to the preparedness that was put into place, however their unpredictability is only debilitating if we allow it to be.
As school children, we practiced preparedness by taking part in drills for tornadoes, earthquakes, fires, and other expected concerns. Because the drills were practiced in preparation for something unplanned, they did not provide a fool-proof result, but a pathway and mindfulness should something adverse occur.
Unfortunately, disasters, attacks, and other failures have a mysterious aspect to them. How do Operational Resilience leaders take advantage of the unexpected to improve resilience, resourcefulness, and responsiveness when bad things happen?
Planning for the Unexpected
Executive, IT, and Operational Resilience teams have the daily responsibility of assuring security, awareness, monitoring, and productivity. Part of protecting the business ‘bubble’ requires regular testing. Often, this is done much like our grade school drills - by simulating an emergency and creating a plan of resilience to execute. These drills are often termed ‘tabletop tests.’ Just as the name describes, a tabletop test involves discussion with a team ‘around a table’ regarding the specific business and IT goals and initiatives that protect assets and extend resilience.
Tabletop tests have three directives: preparation, defense, and recovery. These tests provide results that open the eyes of the immediate ‘round table’ team, allowing for education and preparedness for the business. When run consistently, tabletop tests can provide valuable information on both current practices and areas of improvement, based on the level of vulnerability and the resilience discussed. This preparedness reinforces defenses with foreknowledge of attack possibilities and recovery options should the defenses become overwhelmed.
Mapping Out the (Un)Predictable
A cybersecurity tabletop plan involves a small group of management and technical personnel who are responsible for executing Incident Response and Operational Resilience plans. They must convey the plan’s details and its importance to the team while assuring that it meets business requirements as defined to enable operational capabilities and processes. Because it is a simulation of a possible cyber event, the team determines what the IT disaster entails, including the cause, the length, the timing, and the target.
The cause is the scenario developed to drive thought and execute the affected plans against. It elicits a response and recovery to occur by describing what has negatively impacted operational capabilities and processes. The length of discussion pertaining to the cause, or the execution of the tabletop, can vary from a couple of hours to an extensive week-long effort –depending on the depth to which the scenario is developed and delivered.
Timing can be both place and time related, however it is necessary to predetermine the number of acceptable distractions caused by removing personnel from work operations. Additionally, timing related to time of day, day of the week, monthly and quarterly impacts, and even a surprise execution or added association with the tabletop also needs to be determined. Lastly, a target gives the tabletop and its participants a focus on specific aspects of the business or certain goals to reach. This also helps in gaining a better understanding of how the business operates so that during adverse events there is more resilience and less surprise or debilitation.
Although it is a small team of professionals who prepare and manage a tabletop event, the business must be mindful in its practices and how to best provide value through the event. Meanwhile, as resources are pulled aside to manage the tabletop, day to day routines still require support and operations which potentially leads to the need for tabletop assistance.
Partners at the Ready
Businesses are vulnerable and need a trusted team to manage their cybersecurity preparation, defensive measures, and resilience. Enlisting the support, expertise, and watchful eye of a partner is a way of adding value for ‘planning’ for the unexpected. From DR-as-a-Service to leveraging experienced consultants, organizations can better prepare for responding to an unexpected incident by augmenting the assistance required to provide value through a tabletop event. Cayuse offers this expertise and support.
- Experience: Our clients want both a well-executed test, and planning based on real world events as well as after-action reports detailing gaps, remediation initiatives, and plans. Cayuse has an experienced team with over 75 years of tenure assisting Fortune 100 firms with their resilience programs and delivering tabletop tests and full-scale exercises.
- Collaboration: We work closely with our clients to understand their business, critical services, and recovery plans, bringing industry knowledge and expertise to help develop and execute tests. This improves the real-world event scenarios impacting an organization’s ability to continue operations. Our after-action plans inform both management and technology of issues encountered during the test and provide comprehensive documentation on gaps and remediation efforts to improve response, and recovery, and meet business requirements and objectives.
- Resilience: Tabletop testing of today goes beyond the traditional Operational Resilience events and must include cybersecurity teams to provide end-to-end resiliency. Tabletop tests, when jointly executed by IT and cybersecurity teams, add value to an organization’s resilience plans by protecting critical data and recovering operations from ransomware and other cyberattacks.
- Scalability: Extending an organization’s tool set beyond documented plans enables better and more frequent simulations through the automation of testing. This further enables more frequent testing and a tighter coupling with change management as the organization’s business and technology change. Cayuse has experience with vendor tools and can provide services to assist with the evaluation, selection, and implementation of a tool that fits both budget and need.
- Partnership: Enlisting a partner can be beneficial to improving an organization’s resilience and cybersecurity programs. Whether for a specific purpose, to fill staffing or knowledge gaps, or an ongoing annual campaign, a readily available, well-trained second set of eyes can identify gaps and provide guidance that aligns with industry standards and regulations. Such efforts lead to assuring that resilience is tested and ready to respond to potential threats and business-impacting events.
The Cayuse team believes in diversity and loyalty. We partner with our clients to provide professional expertise while improving cybersecurity approaches for Operational Resilience. We proactively prepare responses to the unpredictable risks businesses face each day.
Learn more about how Cayuse successfully implemented tabletop testing for a multinational hospitality company by reading our case study.
Preparedness is Validation
Many companies have Operational Resilience plans that haven’t yet been validated, while some have plans that have gone through a tabletop event. Thus, preparedness is in place for the planned simulated event yet lacking in full-scale validation. An even further, essential element for resilience and cybersecurity is for organizations to train in these cohesively, allowing for preparedness for real-world, business-impacting events. It is vital to gain resilience through extended preparation for the unexpected.
When it comes to responding to a cyberattack, data breach, natural, or physical disaster, and the recovery thereafter, preparedness is key. Being able to bounce back after an operationally impacting event is imperative in allowing business continuity for delivering services and survival overall.
Going a step further, having a partner in the industry that can support program parameters, provide cross-industry guidance, and assist with integrated, robust tabletop events truly is a game-changer.