Imagine: You are the CEO of a company. It is 5 AM and you receive a notification from your team informing you that your company has experienced a cyber attack that has already caused, and will further cause, major disruption. What would you do?
This is exactly what happened to Joseph Blount Jr., CEO of the Colonial Pipeline. On May 7, 2021, Colonial Pipeline, an American oil pipeline system, suffered a ransomware cyber attack that impacted critical computer systems, forcing the company to shut down the entire pipeline in an attempt to contain the incident. The company paid the $5 million ransom one day later. However, the recovery tool provided by the cyber criminals was so slow that the company eventually used its own backups to restore the systems. This major incident caused the U.S. Government to issue emergency legislation as fuel shortages were expected to follow.
Regardless of your industry, cyber attacks are inevitable if you are not prepared. Whether you work in critical infrastructure, financial services, healthcare or any other field, it's crucial to understand that these threats can affect anyone. Being prepared is essential in safeguarding your organization against potential cyber incidents, because it's no longer a matter of ‘if’ it will happen but a matter of ‘when’ it will happen.
How do most unprepared organizations respond when a Cyber Security crisis occurs?
- Panic and confusion. Rash decisions during cyberattacks, like shutting down critical systems or considering ransom payments, may not ensure data recovery and could instead invite more attacks. In the case of the Colonial Pipeline, paying the ransom proved ineffective, leading them to rely on their own backups for a quicker restoration process.
- Downplay the incident and try to cover it up. Failing to effectively manage a cyber security incident can result in various negative outcomes, including increased vulnerability to future attacks and potential legal consequences. In a notable case, the former Chief Security Officer of Uber, Joe Sullivan, concealed a massive data breach in 2016, involving 57 million customer records. The company paid $100,000 to the attackers to keep the breach secret. However, when new management uncovered the truth, Uber faced a $148 million penalty for the data breach, and Sullivan was convicted on federal charges.
- Communication breakdown. Inadequate incident response can result in delayed decision-making, legal consequences, and damage to an organization's reputation. The Equifax data breach in September 2017, affecting 143 million U.S. consumers, showcased the company's unpreparedness in its response. Equifax created a confusing separate website with an unusual domain, equifaxsecurity2017.com, causing distrust. Social media mishaps with links to a spoofed site deepened the confusion. The breach notification website initially included a legal clause, later removed, implying that customers forfeited their right to sue. Equifax struggled with call volumes, leading to a $575 million settlement and the resignation of several executives.
Why is it important to be prepared for a Cyber Security incident?
The aforementioned cyber security incidents are just a few examples among many that have occurred in the past, with new ones continuing to happen to this day.
It is evident that a single cyber security incident can affect an organization in various ways, including:
- Financial losses
- Damage to reputation
- Legal and regulatory compliance consequences
- Disruption to business operations
- Loss of customer confidence
- Loss of intellectual property
To combat the negative consequences of cyber security incidents, organizations must adopt an effective method of preparation, such as a cyber security tabletop exercise.
What is a tabletop exercise?
A Tabletop Exercise (TTX) assesses your organization's cyber resilience through a verbally simulated scenario, guided by experienced facilitators with decades of expertise in security leadership, threat forensics, and regulatory compliance. Scenarios customized to your organization help to reveal gaps in your incident response plan and enhance awareness among key stakeholders.
"Tabletop exercises are like fire and earthquake drills. We don’t wish for the event to happen but still we prepare for it."
Benefits of Tabletop exercises
- Decrease data breach cost
Organizations that perform TTX are better prepared and thus able to respond faster, minimizing the scope and impact of a breach, leading to reduced downtime and disruption.
IBM's 2023 Cost of a Data Breach Report states that organizations with robust incident response planning and testing can reduce the cost of a data breach by an average of $1.49 million compared to those with minimal or no incident response planning and
- Fulfill your legal and regulatory obligations
Certain countries may require cyber security testing, including tabletop exercises, within specific laws or regulations. For example, the Cybersecurity Code of Practice for Critical Information Infrastructure in Singapore mandates scenario-based cyber security exercises at least once every 12 months for Critical Information Infrastructure Owners (CIIOs). Additionally, contractual agreements with clients or business partners may specify the necessity of cybersecurity testing, such as tabletop exercises. Organizations should be mindful of the diverse regulatory landscape in their country and industry to ensure they understand their legal obligations.
- Protects your brand
Customers are more likely to remain confident and trusting of an organization that is committed to protecting their personal data when it responds to incidents effectively and efficiently. Therefore, the brand maintains its reputation as a responsible and trustworthy entity.
Equifax's delayed response to its data breach, and the subsequent issues that led to a significant erosion of customer trust, might have been minimized if the company had prepared for cyber incidents.
- Tests and improves current incident response processes
Regular simulations, adhering to the adage "practice makes perfect," sharpen an organization's incident response capabilities. This practice not only enhances leaders' decision-making skills but also boosts confidence in handling such situations through a deep understanding of the incident response process.
By learning from TTXs, organizations can respond to cyberattacks faster and more efficiently, having become familiar with existing response plans and procedures. These exercises also provide an opportunity for reflection, allowing organizations to refine their incident response processes. After each exercise, a thorough review is conducted to assess successes and shortcomings, enabling the preparation of action plans to address any identified security gaps.
- Fosters collaboration
Data breaches impact the entire organization, requiring collective awareness and participation in the response. Tabletop exercises encourage cross-functional involvement, building security awareness among employees and educating leaders on department-specific risks and their role in incident response.
Participants in these exercises extend beyond cyber security and IT teams to include representatives from Human Resources (HR), Legal, Public Relations (PR), Executive Management, and other relevant business units. Everyone has a part to play.
Cyber threats persist, making readiness a top priority for all organizations, especially those in frequently targeted sectors like finance, healthcare, government, critical infrastructure, and technology.
Unprepared organizations faced with a cyber crisis often respond reactively, leading to chaos, extended downtime, and exacerbated consequences. The mere existence of security policies and incident response procedures is inadequate; regular tabletop exercises are crucial to rigorously simulate and test these processes.
Preparedness minimizes the impact of cyber attacks, reducing financial losses, maintaining reputation, ensuring regulatory compliance, facilitating swift recovery to normal operations, and overall enhancing organizational cyber resilience.