Close this search box.

5 Reasons Ransomware Tabletop Exercises Are Critical to Disaster Recovery

The author

In my previous overview of the topic, I likened ransomware tabletop exercises to an IT version of Dungeons & Dragons. If the idea of role-playing pretend scenarios sounds childish, think again; in fact, it should be a key part of your wider disaster recovery (DR) strategy.

1. No Environment To Stand Up

Traditional DR testing requires a test environment and all the overhead that entails. That environment must serve as a mock-up of your production environment, with enough hardware and software replicated to reliably simulate a disaster then perform recovery.

Not so with a tabletop exercise. Refer to the example exercise I pitched in my previous article and note that all you need to run through it are people (ideally your computer security incident response team, or CSIRT) and their time. Each person involved in the plan talks through what actions they will take through each step of the disaster and ensuing recovery. No hardware or software is required, because it all plays out through hypothetical discussion.

2. Easily Repeatable

Practice makes perfect, and tabletop exercises can be practiced as often as desired. A full test environment typically needs to be staged to some extent prior to each test run, but a tabletop exercise that requires no environment can be kicked off anytime the required people are available to participate. This saves time and possibly money (depending on how you built your test environment), which means you can easily repeat the test time and time again at any frequency.

3. Infinite Variation

Ransomware attacks come in many varieties and their delivery methods are no less varied, to say nothing of the many other types of cyberattacks. Accounting for every such possibility in a test environment is expensive, inefficient, and exhausting, if not impossible.

Tabletop exercises don’t suffer this restriction; in fact, variety is welcome. Any given tabletop exercise can be modified by one tiny detail or overhauled entirely to fork off into another direction of cause/effect chains. The key to a good exercise is to constantly pose the question “What if _____?” every step along the way. Repeating this line of questioning every time you practice the exercise results in continually prodding and poking at your DR strategy in search of oversights and weaknesses.

4. Creative Evolution

Infinite variety encourages creative solutions that can evolve as quickly as the attacks themselves. When news breaks of a new variant, run through the exercise with it and observe what needs to be changed. This makes for a much more robust and flexible testing mindset that can adapt on the fly faster than any physical test environment could ever offer.

5. It Compliments Other Tools

Though tabletop exercises are far cheaper and efficient than running an actual DR test environment, the former is by no means a replacement for the latter. I’ve previously stated that one of the Top 4 Ways to Prevent Ransomware Attacks is to remember that “Practice Makes Secure” and that practicing should include a mock-up test environment.

Tabletop exercises compliment your other tools. What you observe during a tabletop exercise should inform you on how to improve your test environment; likewise, you’ll likely discover caveats when executing a real test that you may have never caught during your DR role-play.

No testing means no assurance; conversely, the more practice methods you have at the ready, the more prepared you will be for any current or future threat.

Sign Up For Our Newsletter

Don’t worry, we hate spam too!

Get The Latest On Ransomware Right In Your Inbox

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

Is This Your Business?
Get In Touch

Contact Us To Sponsor Your Business Listing & Learn More About The Benfits.

Before You Go!
Sign up to stay up to date with everything ransomware

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

JUST RELEASED: The 2024 State of Ransomware Survey is in.


Share via
Copy link
Powered by Social Snap