Cyberthreats are becoming more sophisticated, and the role of in-house counsel in managing these risks has never been more important. 

At the recently concluded South Asian Bar Association of North America (SABA) 2024 conference, ArmorText CEO Navroop Mitter shared some of his insights along with other cybersecurity and legal experts in a Continuing Legal Education (CLE) session titled “We’re Under (Cyber)Attack! Interdisciplinary Best Practices for In-house Counsel.” 

The importance of “Tabletop Exercises”

Tabletop exercises are simulated cyber incident scenarios that help organizations prepare for real-life attacks. These exercises are crucial because they allow teams to practice their response strategies in a controlled environment. 

The SABA 2024 CLE session emphasized the regulatory motivations from both US and Canadian perspectives for conducting tabletop exercises, and illustrated how these exercises serve the self-interests of organizations. However, it’s not just about running the exercise; avoiding common pitfalls, like assuming your communications tools are safe, failing to include all relevant stakeholders or neglecting to follow up on lessons learned, is essential. Regularly conducting tabletop exercises ensures that all team members know their roles and can act swiftly and effectively during an actual incident.

6 Key Takeaways on Cybersecurity for In-house Counsel

Here are six key takeaways from the tabletop exercises, which provide valuable insights into how in-house counsel can effectively handle cybersecurity threats. 

1. Cyber incident response exercises must involve critical roles across the enterprise  — This includes the C-Suite, Counsel, Public Affairs, Human Resources, Communications, IT, and Operations. While their roles may differ by incident, today’s cyberattacks necessitate whole-enterprise responses from coordinating what to say to regulators, customers, and media to managing engagement with law enforcement and external counsel.
   
2. If you can’t communicate, you can’t remediate — Ensuring critical personnel and teams are aligned and can collaborate through a secure, out-of-band communications channel during an incident is crucial for a swift and coordinated response. This is especially true once an incident has been officially declared, kicking off regulatory disclosure countdowns.
   
3. Real incidents do not play out like Hollywood blockbusters, fast and furious with everything occurring at once — Rather, organizations need to simulate making imperfect decisions based on imperfect information and the process of reevaluating those decisions as new details emerge. Attacks like those perpetrated by Scattered Spider play out in phases — e.g. initial indicators of compromise, later revealing data exfiltration, followed by a realization of the reputational impacts. Cyber Resilience: Incident Response Tabletop Exercises Q2 2024 Module 1 is designed to help simulate just such an attack.
   
4. Ignoring third party vendors or partners is not in your best interests — Laying out your organization’s shortcomings in front of external parties can be uncomfortable. But, without involving critical vendors or partners in your exercises, how can you expect them to know how to support you in your time of need? How can you gauge where their own preparedness shortcomings might interfere with your incident response?
   
5. Tailor your exercises to your organization, not the news cycle —  While it’s appealing to show readiness for recent high-profile attacks, if these scenarios don’t align with your actual threat model, you risk wasting resources. Focus on preparing for the real and specific risks your organization faces to ensure effective use of time and money.
   
6. You only have one chance to get it right — How companies react to and communicate about cybersecurity incidents is critical, and there is only one chance to get it right. Having an established post-incident communication strategy, both internal and external, can significantly impact the organization’s reputation and recovery.
   

The insights shared at the SABA 2024 CLE session underscore the importance of proactive measures and comprehensive planning in cybersecurity. By incorporating these key takeaways into their strategies, in-house counsel can better protect their organizations against the ever-evolving landscape of cyber threats. 

Preparing for the worst through continuous training and collaboration across departments ensures that when an attack occurs, the response is swift, effective, and minimizes damage.

If you would like to learn more about secure out-of-band communications, or would like to conduct tabletop exercises for your organization, let us know at https://armortext.com/contact-us/