Innovative toolkit is a resource for organizations solidifying incident response capabilities in the face of new cyber threats
ArmorText, which safeguards communication for organizations worldwide, and the international law firm of Crowell & Moring LLP today released an update to their tabletop exercise guide, making new exercise scenarios publicly available under a Creative Commons license. The new Cyber Resilience: Incident Response Tabletop Exercises Q2 2024 addresses urgent challenges facing executives, including disruptive attacks by increasingly sophisticated criminal actors with well-publicized recent examples, as well as increasingly complex regulatory obligations.
“We are seeing new and extremely sophisticated cyberattacks taking organizations by surprise and costing them millions. Preparedness is the best cybersecurity tool to mitigate the impact of attacks, including the ensuing regulatory obligations,” said Navroop Mitter, CEO, ArmorText. “These tabletop exercises provide realistic simulations of current cyberattacks, and they are designed to help executives test their organizations’ responses in a controlled environment and pinpoint weaknesses.”
With the first edition of the guide published in October 2023, this new publication offers two additional scenarios, each organized into a module with tailored injects and facilitator prompts that incorporate three recent trends:
- Threat actors continue to target key executive communications for surveillance.
- Social engineering attacks, including those incorporating AI tools, are being utilized by threat actors, resulting in significant impacts to victim companies.
- Global regulators, shareholders, and other key stakeholders continue to focus on how victims’ management teams handle incidents and communicate about them.
“To help organizations improve their incident response, we have continued making the scenarios free to take and use. Our plan is to continue adding to this collection of modules through future publications to reflect the continuing evolution in the cyberattack landscape,” continued Mitter.
Two new modules:
- Rapid Exploitation:
- Escalating attacks involving social engineering, unauthorized software installations, high-value data exfiltration, reputational damage, compromised communications, and targeted reconnaissance of security professionals’ enterprise communications.
- AI-enabled attacks, particularly where threat actors mimic the voice and visual personas of key individuals.
- Disclosure Dialogues:
- Preparing for responsible disclosure of cybersecurity incidents with material impact in light of increased scrutiny from regulators, shareholders, and other key stakeholders on how companies and their management teams respond to and communicate about cybersecurity incidents.
“Our hope is that leaders at organizations of all sizes will leverage our Cyber Resilience guide to help them prepare for cybersecurity incidents and enhance their preparedness for threats that are designed to exploit their systems and people. Tabletop exercises are a worthy investment of executives’ time and are a key tool to help protect a company’s operations, financial integrity, and reputation,” said Crowell & Moring partner Matthew B. Welling.
According to IBM’s Cost of a Data Breach Report 2023, over half of companies who experience a cyberattack bolster spending post-incident with their top investment being Incident Response (IR) planning and testing, and organizations with both an IR team and pre-attack IR testing were able to identify breaches a full 54 days faster than those with neither.
Additional Resource:
- Cyber Resilience: Incident Response Tabletop Exercises Series
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!