New Tabletop Exercises Help Executives Prepare for Current Cyberattack Landscape: AI-enabled Attacks and Complex Regulatory Compliance.

New and extremely sophisticated cyberattacks are taking organizations by surprise and costing them millions. Preparedness is vital to mitigating the impact of attacks, including the ensuing regulatory obligations. Tabletop exercises are one of the best cybersecurity tools available to both fortify incident response plans and understand exactly what your organization is NOT prepared for. This is why the quality of the tabletop exercises you use matters. 

Following the release of an initial collection of tabletop exercises in October 2023 available under a Creative Commons license, with Crowell & Moring LLP, we have released a new publication – Cyber Resilience: Incident Response Tabletop Exercises Q2 2024 – offering two additional scenarios. 

Three trends that have informed our new scenarios

1. Threat actors continue to target key executive communications for surveillance.

   Public reports show that threat actors, including Scattered Spider, Lapsus$, and Ragnar Locker, conduct targeted surveillance of their victims’ communications, often focusing on incident response channels and executives, security, legal, and human resources professionals.

   A prominent technology provider recently reported in an 8-K filing with the U.S. Securities and Exchange Commission (SEC) that “a nation-state threat actor had gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.”

   This is of note as individual executives become targets for cyber attackers and many of them continue to be unaware of the security implications of not having a secure, out-of-band communication solution deployed for sensitive communications or readily available in case of a cyberattack. According to research from Dragos, nearly 70% of tabletop exercises revealed challenges in communication.

2. Social engineering attacks, including those incorporating AI tools, are being utilized by threat actors, resulting in significant impacts on victim companies.

   In a digital age where AI-driven mimicry can flawlessly replicate voices and even the personas of key stakeholders, the cybersecurity landscape faces unprecedented challenges.

   While social engineering attacks are not new, the recent effectiveness of threat actors like Scattered Spider in using them – coupled with AI – has again brought them to the forefront for incident response preparedness. Additionally, threat actors are using AI tools to, for example, produce more effective phishing emails or scripts to use when interacting with victim company employees. This only adds to the importance of focusing on these attacks as a part of an organization’s preparedness.

3. Global regulators, shareholders, and other key stakeholders continue to focus on how victims’ management teams handle incidents and communicate about them.

   Executives are now required to take extremely nuanced roles in crisis management – going beyond the traditional technical aspects that once dominated.

   As prominent cyber-attacks continue to make headlines, regulators, shareholders, and other key stakeholders continue to scrutinize how victims are responding to and communicating about cybersecurity incidents. Preparing for and communicating around that response is a key step in risk mitigation, and incorporating those aspects of response into tabletop exercises is accordingly important. For communications about cyber incidents to stakeholders and regulators, enterprises now need to consider potential disclosure obligations, including but not limited to the U.S. Securities and Exchange Commission’s rules regarding disclosure of material cybersecurity incidents.

New scenarios

Rapid Exploitation

This new scenario looks at AI-enabled attacks, particularly where threat actors mimic the voice and visual personas of key individuals. We address escalating attacks involving social engineering, unauthorized software installations, high-value data exfiltration, reputational damage, compromised communications, and targeted reconnaissance of security professionals’ enterprise communications.

Helpful injects encourage organizations to address deepfakes, audit trail requests, dealing with an uncooperative executive, and more.

Disclosure Dialogues

In light of increased scrutiny from regulators, shareholders, and other key stakeholders on how organizations respond to and communicate about cybersecurity incidents, this module addresses preparations needed for responsible disclosure of cybersecurity incidents with material impact.

Who are these tabletop exercises for?

These exercises were written for C-suite executives, in-house counsel, and incident response teams. The toolkit is a resource for leaders as they help their organizations mitigate cyber threats and strengthen their incident response capabilities.