Benefits of incident response tabletop exercises

A collaborative design case study

Jill M. Czerwinski, Tracy Hall | 3/1/2024

Incident response tabletop exercises can enhance resilience planning, especially when representatives from across the organization are included.

An organization’s ability to conduct normal operations continues to increase in scope and complexity. Proactively preparing to respond to events such as natural disasters, cybersecurity breaches, and financial disruptions is critical as the financial services landscape evolves and becomes more complex.

However, the scope of business resiliency planning and practice does not always include everyone it should.

Getting everyone on board

An organization might already have incident response procedures in place. However, executing those procedures in a real situation might be less effective if key personnel have not had significant exposure to what those procedures entail or do not understand the reasoning behind them. Practicing responses to a crisis is crucial to minimizing downtime and unnecessary impacts, such as reputational damage.

Regulatory guidance recommends that response planning be enterprisewide, but the focus and responsibility for that planning often lands on IT teams and technology. Because an entire organization is affected by most incidents, personnel from all business areas should be aware of the intricacies of resilience planning and be able to contribute their own experiences and insights to the process.

First and foremost, effective incident response tabletop exercises are more than a fire drill. Preparedness is important, but exercises should also provide an opportunity for everyone to collaborate and respond in ways that can strengthen a response plan and its real-life execution.

Crowe resiliency professionals, in conjunction with experience designers, used their expertise and experience to transform traditional incident response tabletop exercises into guided, interactive crisis events customized to individual organizations. Exercises that place more focus on human interaction and experience than procedural checklists can achieve more, including:

  • Helping different parts of the organization better understand each other's requirements during an incident
  • Identifying critical factors in a response effort that address needs across the organization
  • Improving individuals’ confidence in both the response plan and in the organization’s ability to execute it

An enhanced incident response tabletop simulation in action: Veritex Community Bank case study

What the client needed

Veritex Community Bank has more than $12 billion in total assets. After experiencing a brush with a cybersecurity incident, bank leadership and management sought a third party to help improve their increased efforts and cybersecurity response initiatives.

The bank turned to Crowe and requested a customized incident response tabletop exercise that addressed industry standards and regulatory requirements.

What Crowe provided

Crowe specialists created an interactive ransomware response simulation for the bank’s executive team. The simulation incorporated multiple trigger events throughout its compressed timeline, ranging from the discovery of technical issues to a ransom demand and its public aftermath.

Although the tabletop simulation stressed real-time communication and decisions at necessary points through cooperative discussion, Crowe specialists provided a relaxed atmosphere with collaborative tools for participants to reflect on the experience and share their individual perspectives.

The results

The enhanced tabletop exercise helped Veritex Community Bank focus on and address critical elements of their resilience program. Participants were able to:

  • Increase awareness of the bank’s current response programs
  • Identify areas of improvement in current cybersecurity incident response and crisis management plans
  • Improve communications, technology security, and response procedures

Crowe specialists also provided a report identifying strengths and opportunities for future resilience planning.

Bob Ludecke, senior vice president and chief information security officer for Veritex Community Bank, appreciated the intricacies of the tabletop exercise experience and what the bank learned through it:

“Engaging the expertise of Crowe specialists was invaluable to the tabletop exercise. Their industry and regulatory knowledge helped us focus on the right things during the session. Their independent perspective brought objectivity to the discussion, and the way they have developed an elevated experience with tabletop simulations increased our personnel’s level of participation significantly.

We discussed things that we already have in place, but we also identified items not in our plan and areas we could enhance. The scenario, discussion points, and report provided by Crowe exceeded my expectations.”

Resilience planning is an all-in effort

The most effective incident response planning requires more than IT evaluation and procedural documents. The more immersive and collaborative training is, the more personally engaged and informed everyone can be in upholding preparedness and response efforts.

The better prepared you are now, the less an incident might cost you later.

Crowe can support your resilience planning efforts

Reach out to our consultants to discuss how you can inspire more immersive and collaborative experiences at your organization.
Jill M. Czerwinski
Principal, Third-Party Risk Leader
Tracy Hall
Senior Manager, Financial Services Consulting