Making sure the enterprise is protected against vulnerabilities is a required function of security teams. It's also a best practice for cyber insurance vendors and for meeting compliance requirements. A popular evaluation test, the tabletop exercise, allows security teams and corporate management to pick a threat and then run through the process of containing and remediating it.
In a tabletop exercise, a team discusses their roles and responses during an emergency under different scenarios, often with someone acting as a facilitator. It's not a full-scale drill but an opportunity for stakeholders to talk through a simulated crisis.
Which ones should you choose to test? There are as many tabletop exercises as there are potential vulnerabilities. Experts recommend that tabletop exercises be run throughout the year and rotated based on a company's risk profile. Some threats, however, tend to be on everyone's list of risks. These are four of the most common threats for which security teams should run tabletop exercises:
1. Ransomware
No one is safe from ransomware attacks, as they're among the most rewarding for cybercriminals, who often target indiscriminately. Beyond the initial ransom demand, attackers might attempt to extort both the victim and their business partners, as well as customers of the company targeted in the original attack. A study from 2021 by Cybereason noted that 80% of companies that pay a ransomware demand are often hit a second time by the same attackers, sometimes with the same attack and sometimes with a follow-on extortion attempt. A 2023 study from Akamai said a ransomware victim is six times more likely to face a follow-up attack within three months.
Despite the lull in 2022 ransomware attacks, due in part to the Russia and Ukraine war and the COVID-19 pandemic, ransomware claims were up 50% in 2023 over 2022, notes David Anderson, vice president of cyber liability at Woodruff Sawyer, a national cyber insurance brokerage. This year is expected to have more ransomware attacks than 2023, he says.
During an enterprise's tabletop evaluation of its defenses against cyberattacks, the team will be looking for ways to identify and mitigate the ransomware and any subsequent extortion attacks. Because of regulatory reporting requirements and potential legal and financial liabilities, stakeholders from outside the security function should participate. This might include legal, communications, finance, compliance, and marketing.