Tabletop Exercise Examples

A. Ransomware Attack

• Scenario: An employee receives an email that appears to be from a legitimate vendor. They click on a link, which installs ransomware on their computer. Soon, critical systems are locked up, and a ransom message appears demanding payment in cryptocurrency.

• Objectives:

  • Test the effectiveness of data backup and recovery procedures.

  • Assess the team's ability to identify and isolate infected systems.

  • Gauge the decision-making process regarding the ransom demand.

B. Phishing Campaign

• Scenario: A high-ranking executive receives an email supposedly from the IT department asking them to confirm their login credentials on a new portal. The executive complies, not realizing it's a phishing attempt. The attackers gain access to confidential data.

• Objectives:

  • Evaluate the effectiveness of employee training and awareness programs.

  • Determine how quickly the breach is detected and what steps are taken.

  • Analyze the communication process to stakeholders after a breach.

C. Insider Threat

• Scenario: A disgruntled employee decides to leak sensitive information to a competitor. The information includes future product designs and customer lists.

• Objectives:

  • Evaluate the monitoring and alerting capabilities for unauthorized data access.

  • Understand the process to handle potential insider threats.

  • Assess the effectiveness of data loss prevention tools.

D. Cloud Infrastructure Breach

• Scenario: The organization's cloud storage, which houses sensitive data, has been breached. Unauthorized access and potential data exfiltration have been detected.

• Objectives:

  • Test the incident response procedure for cloud infrastructure.

  • Assess the communication process with the cloud service provider.

  • Determine the effectiveness of monitoring tools in a cloud environment.

E. Physical Security Breach

• Scenario: An attacker gains physical access to the server room by tailgating an employee. They plug in a device that begins exfiltrating data.

• Objectives:

  • Evaluate the coordination between physical security and IT security teams.

  • Test the monitoring systems for unauthorized physical access.

  • Assess how quickly the threat is detected and neutralized.

F. Supply Chain Attack

• Scenario: Software used by the organization has been compromised at the source (the vendor). As a result, malicious updates are sent to all clients, including your organization, leading to potential backdoor access.

• Objectives:

  • Assess the organization's software and update verification procedures.

  • Evaluate the effectiveness of network segmentation to contain threats.

  • Test the communication process with vendors and stakeholders.

G. Data Center Outage

• Scenario: A natural disaster (e.g., earthquake, flood) has disrupted operations in one of your primary data centers.

• Objectives:

  • Switching to backup data centers or cloud providers

  • Data replication and recovery

  • Coordinating with onsite personnel and emergency services

  • Business continuity planning

H. DDoS Attack

• Scenario: Your online services face a massive Distributed Denial of Service (DDoS) attack, making them unavailable to users.

• Objectives:

  • Mitigation strategies for DDoS

  • Communication to users

  • Business continuity during prolonged service unavailability

  • Collaboration with ISPs or DDoS mitigation services

I. Mobile Device Compromise

• Scenario: An executive's company-issued mobile device is lost or stolen, containing sensitive corporate data.

• Objectives:

  • Remote wiping capabilities

  • Data recovery and potential breaches

  • Device security policies

  • User training on device safety

J. Zero-Day Exploit

• Scenario: An unknown vulnerability in your systems is exploited, leading to a data breach before a patch is available.

• Objectives:

  • Containing the breach

  • Collaborative response with software vendors

  • Rapid patching and deployment strategies

  • Crisis communication to stakeholders

Conclusion

Each of these scenarios helps organizations prepare for potential cybersecurity incidents by identifying gaps in their defenses, refining their response procedures, and enhancing team coordination.

• Importance of Tabletop Exercises in Cybersecurity