Whether the result of a ransomware attack or more mundane challenges like losing power, unexpected outages can make for some of the most stressful days in IT professionals’ careers. From major airports to giant retailers, numerous companies in 2024 have weathered both cyberattacks and outages, many of which have significantly impacted operations — even causing what is being called the “largest IT outage in history.”
These events underline the importance of not just planning for, but actually preparing and practicing for when the unexpected occurs. When phones are ringing off the hook and alerts are flooding in isn’t when you want to start thinking about your strategy.
So, let’s take a closer look at how companies can implement practices like tabletop exercises (TTXs) to reduce the risk of — and mitigate — the effects of potential threats from cybercriminals and natural disasters alike.
What is a TTX?
Tabletop exercises for security planning share a lot of inspiration from tabletop role-playing games like Dungeons & Dragons. The difference is, instead of scheming to crawl dungeons and find treasure, your team practices each of their functions in the event of a specific simulated scenario. TTX is a structured yet low-pressure environment where participants rehearse their roles in response to, for example, a compromised email account, a service outage or a potential breach attempt during the holiday weekend. The goal is to put into action the playbooks your team has built after assessing your most likely risk scenarios and most important assets and access to protection.
TTXs should include everyone across an organization, especially those with responsibility for management, communications, IT, incident response and security. During a TTX, participants work together to coordinate their specific roles, decision-making processes and the steps they would take to mitigate or resolve an issue. The beauty of these exercises lies in their ability to uncover vulnerabilities and gaps in the existing processes before they become real problems — you’ll often find that even the most mindful planning may miss a critical step in brainstorming. It's about finding and patching the cracks in your defenses before the dam bursts.
By preparing for emerging threats in this way, organizations can ensure they are ready to respond to incidents and adapt and strengthen their defenses in the face of new challenges. It's an invaluable exercise in both communication and coordination, fostering a proactive approach to IT and cybersecurity preparedness.
Tips for Effective TTX in Supply Chain Management
TTX should not be limited to large enterprises — it’s necessary for businesses of all sizes. These exercises help organizations anticipate potential disruptions and enhance their ability to respond effectively.
Scheduling and prioritizing TTX sessions ensures that your organization is continually honing its crisis response capabilities. This commitment reflects a proactive stance toward risk management and demonstrates a culture of preparedness across all levels of the organization.
To make your TTX sessions impactful, consider the following tips.
Start with assessment. Before you start planning your TTX, first make sure you know what you’re planning for. This comes from taking stock of your most critical assets and services, as well as the most likely risks to each. Once you’ve sketched out the scope of what your playbook needs to encompass and what scenarios deserve more preparation, you’re ready to move on to…
Use real-world scenarios. Ground your TTX in reality by basing scenarios on actual events. By using real-world examples, you can simulate the pressures and challenges your team might actually face, providing a sense of urgency and relevance. This approach helps your team practice and prepare for the unexpected, ensuring that they are not caught off guard when a real crisis hits.
Include non-adversarial events. While cyber threats are a significant concern, focusing solely on them can leave your organization vulnerable to other types of disruptions. Incorporate scenarios involving non-adversarial events such as port closures due to labor strikes, natural disasters like hurricanes or earthquakes or supplier failures due to financial instability. By diversifying the types of TTX scenarios, you prepare your team for a wider range of challenges.
Encourage cross-functional participation. Invite participation from various departments, including logistics, procurement, IT and customer service. This cross-functional approach ensures a comprehensive understanding of the potential impact of disruptions, and fosters collaboration in developing response strategies. It also helps identify interdependencies and communication gaps that might not be apparent within siloed teams, and helps reinforce the importance of security as a company-wide responsibility.
Regularly update and repeat exercises. The landscape of supply chain risks is constantly evolving. Regularly update your TTX scenarios to reflect new threats and lessons learned from past exercises. Repeating these exercises on a scheduled basis helps keep your team’s skills sharp and their knowledge current.
Ensure company-wide technology evolves. As technology rapidly advances, TTX scenarios should incorporate the latest tools and platforms that organizations use, or might use, in the future. This includes integrating cybersecurity tools, communication platforms, data analysis software and simulation technologies. By doing so, TTXs remain relevant and accurately reflect the current technological landscape, ensuring that teams are prepared to handle real-world scenarios.
Document and disseminate findings. Document the findings and outcomes of each TTX and share them with relevant stakeholders. This transparency helps in spreading awareness of risks and re-emphasizes the importance of preparedness. It also reinforces the organization’s commitment to continuous improvement and resilience.
By implementing these tips, your organization can transform TTX from a routine compliance activity into a powerful tool for enhancing resilience. This proactive approach prepares your team for potential disruptions and fosters a culture of continuous improvement and adaptability, which is crucial for thriving in today’s complex and interconnected business environment.
Resilience Starts Now
By prioritizing TTX, organizations can uncover and address weaknesses in their response plans, bolstering their resilience against future disruptions. The recent cyberattacks that have played out this year send a loud and clear message: The more connected our world becomes, the more our security depends on each other. Integrating these lessons into our IT and cybersecurity practices isn’t just about safeguarding operations; it’s about ensuring the continuity of the services that keep our world ticking.
Remember that the best time to start preparing is yesterday, and the second-best time is today.
Start by implementing regular tabletop exercises within your organization. Don’t wait for the next crisis to expose your vulnerabilities. Be proactive, be prepared and protect the foundation of your digital infrastructure today. Reach out to your IT and cybersecurity teams or a trusted advisor to schedule your first TTX, and take a decisive step toward a better-prepared and more confident team.
Zoe Lindsey is security strategist at Blumira.