Tabletop Exercise Examples
A. Ransomware Attack
Scenario: An employee receives an email that appears to be from a legitimate vendor. They click on a link, which installs ransomware on their computer. Soon, critical systems are locked up, and a ransom message appears demanding payment in cryptocurrency.
Objectives:
Test the effectiveness of data backup and recovery procedures.
Assess the team's ability to identify and isolate infected systems.
Gauge the decision-making process regarding the ransom demand.
B. Phishing Campaign
Scenario: A high-ranking executive receives an email supposedly from the IT department asking them to confirm their login credentials on a new portal. The executive complies, not realizing it's a phishing attempt. The attackers gain access to confidential data.
Objectives:
Evaluate the effectiveness of employee training and awareness programs.
Determine how quickly the breach is detected and what steps are taken.
Analyze the communication process to stakeholders after a breach.
C. Insider Threat
Scenario: A disgruntled employee decides to leak sensitive information to a competitor. The information includes future product designs and customer lists.
Objectives:
Evaluate the monitoring and alerting capabilities for unauthorized data access.
Understand the process to handle potential insider threats.
Assess the effectiveness of data loss prevention tools.
D. Cloud Infrastructure Breach
Scenario: The organization's cloud storage, which houses sensitive data, has been breached. Unauthorized access and potential data exfiltration have been detected.
Objectives:
Test the incident response procedure for cloud infrastructure.
Assess the communication process with the cloud service provider.
Determine the effectiveness of monitoring tools in a cloud environment.
E. Physical Security Breach
Scenario: An attacker gains physical access to the server room by tailgating an employee. They plug in a device that begins exfiltrating data.
Objectives:
Evaluate the coordination between physical security and IT security teams.
Test the monitoring systems for unauthorized physical access.
Assess how quickly the threat is detected and neutralized.
F. Supply Chain Attack
Scenario: Software used by the organization has been compromised at the source (the vendor). As a result, malicious updates are sent to all clients, including your organization, leading to potential backdoor access.
Objectives:
Assess the organization's software and update verification procedures.
Evaluate the effectiveness of network segmentation to contain threats.
Test the communication process with vendors and stakeholders.
G. Data Center Outage
Scenario: A natural disaster (e.g., earthquake, flood) has disrupted operations in one of your primary data centers.
Objectives:
Test the process for switching to backup data centers or cloud providers.
Verify data replication and recovery procedures.
Assess coordination with onsite personnel and emergency services.
Evaluate the business continuity plan.
H. DDoS Attack
Scenario: Your online services face a massive Distributed Denial of Service (DDoS) attack, making them unavailable to users.
Objectives:
Evaluate the mitigation strategies for DDoS.
Test the communication process to users.
Assess business continuity during prolonged service unavailability.
Evaluate collaboration with ISPs or DDoS mitigation services.
I. Mobile Device Compromise
Scenario: An executive's company-issued mobile device is lost or stolen, containing sensitive corporate data.
Objectives:
Verify remote wiping capabilities.
Assess data recovery options and the potential for a breach.
Review device security policies.
Evaluate user training on device safety.
J. Zero-Day Exploit
Scenario: An unknown vulnerability in your systems is exploited, leading to a data breach before a patch is available.
Objectives:
Test the ability to contain the breach.
Evaluate the collaborative response with software vendors.
Assess rapid patching and deployment strategies.
Test crisis communication to stakeholders.
Conclusion
Each of these scenarios helps organizations prepare for potential cybersecurity incidents by identifying gaps in their defenses, refining their response procedures, and enhancing team coordination.