Test Yourself

As Dennis Waitley stated ‘Expect the best, plan for the worst, and prepare to be surprised’.

We’ve all had an interesting roller coaster ride in 2020, and we’re still not out of it yet. The NCSC’s 4th Annual Review, released in November 2020 and covering the period 1 September 2019 to 31 August 2020, states that ‘much of the NCSC’s work this year revolved around the coronavirus outbreak’. Five core strands drove its cyber security work in the face of this adversary:

  1. Building NHS resilience
  2. Protecting vaccine and medicine research
  3. Supporting remote working and tackling cyber crime
  4. Securing the NHS Covid-19 app and large-scale data
  5. Supporting essential service providers

More interesting still are some of the key statistics that come out of the report, which show how unscrupulous threat actors seized on the global pandemic to wreak havoc. During the period:

  1. 51,000 indicators of compromise (IoCs) were shared
  2. Threat hunting was performed on 1.4 million NHS endpoints
  3. More than 15,000 coronavirus-related malicious campaigns were taken down

The full report is publicly available on the NCSC website.

So, as cyber criminals continue to look for new ways to exploit any vulnerability as a means of generating income, coronavirus is no exception. To some extent it has made for easy pickings, as nations entered lockdown and many organisations moved, for the first time, to remote working.

Phishing and fake lures around PPE, testing kits and more remain rife across the globe and show no sign of abating as the world struggles to contain the pandemic.

Why should we conduct Tabletop Testing? 

Alongside your continued vigilance around cyber security technology and your training and awareness programmes for your people and stakeholders, one other key way to support cyber awareness is to test your Business Continuity, Disaster Recovery and Cyber Security Incident Response Plans.

We have moved beyond understanding passwords, and the shift from easy-to-guess passwords such as ‘123456’ to three random words such as ‘TreeElmoRoad’, to testing our internal plans. Where we sometimes struggle, however, is engaging our leadership teams in Business Continuity planning.

We get it: you are testing this from more than a technology stance. But it is important to include the Board and other senior leaders and stakeholders, so that they understand not just the technology but the people, the processes and the communication channels that come into play in the event of an incident.

What exactly is a BCP Tabletop exercise?

In short, a BCP tabletop exercise is an informal brainstorming session that encourages participation from a wider group of organisational team members: a mix of business leaders and key employees. We strongly advise that these are run by a BC consultant, who leads the executive team through a discussion focused on the key steps that different business leaders need to take, and coordinate, in the event of a breach. This maps alongside your Business Continuity and Disaster Recovery Plans or, if you have not updated yours recently, should help you build a new comprehensive set that includes your Cyber Security Incident Response Plan.

How are they run?

Independently. The team at Phoenix can work with you and, in the first instance, we will agree a plan in keeping with your organisation. We tell only the minimum number of people necessary about the plan, so that the exercise tests how your people actually respond rather than how well they have rehearsed, and we coordinate and run the day for you.

We can give you one or several hypothetical disaster scenarios, ranging from a ransomware attack to an asbestos ceiling collapse and anything in between.

Once the plan is in place, your assembled team members work through the actions that need to be taken, by whom and when, ensuring that all staff, assets and so on are accounted for, along with communications and anything else required to keep the business operational.

We then give you a detailed report setting out what went well and what did not, aligned against industry best practice such as ISO 22301. We review the outputs against your organisational risk strategies and work with you to bridge any gaps between leadership and the established BCP plans.

Do I Need One?

It largely depends on your organisation, the governance or regulations you follow, and how quickly your organisation can recover from an unexpected disruption. These exercises are a great way to understand how you would conduct yourselves in the event of a disaster. Granted, Covid-19 has already tested this, but with ransomware and cyber attacks in your sector increasing rapidly, doing it once is not enough. How, for example, would you react to a ransom demand?

If you would like to know more about an independently run BCP tabletop exercise, with full reporting and recommendations, please get in touch with the Phoenix Team on 01904 562200 or by email.