So we're like how do we do that well in the instructions in this you know it's all scenarios based right these are scenarios and this was obviously didn't really happen this is a scenario pick up the red phone and call Bull so we picked up this phone and we're we're calling them and the person on the other end's got this thick French accent and um I don't want to try and imitate a French accent but the guy you know the guy's talking yes what is it what do you need and I like we need a Bull made frame and they're like we have one left and like great one left awesome we want to buy it right now and uh and we know what it costs it's worth about $12 million we'll give you $12 million for this bull Mainframe and they said well we want there silence and they said we want $45 million and we're like wait a minute $45 million we know it's only worth $12 million they're like no no this is the last one we have four other customers that want this bull main frame we want $45 million this was in 2006 and Iremember putting my hand over the phone and telling everybody they want $45 million and everyone in the room like all upset you know this big room full of people on computers and we're all you know responding and so we negotiated with them for the next 10 minutes we ended up deciding like $23 million we negotiated we bought it it was all this was all you know fictional exercise right this is where it gets interesting because so the next day at the end of the exercise there's there's always what we call a hot wash a hot wash is where you uh go through the activities of the week what went well what went wrong what could you do better what did did you learn what were Lessons Learned how can you prepare in the future based on these scenarios that happened and one person raised their hand in the middle of this and said we're saying like what do you think what did not go well and what was like unreasonable and one of our experts who became a a very GL well I'm not going to name the person because but it became a global CSO very very famous now um person does Cyber all over the world um said Dan that whole thing with the bull Mainframe that would never happen no one would ever extort money using cyber security you know this was and somebody yelled um yeah it was kind of like we were being held for ransom and somebody else said yeah ransomware you know almost mocking like laughing about this this could never happen this is a pipe dream you know it's this never you know like you know we're gonna drive you know we take a plane to Pluto or something this is just far-fetched the funny thing was bicash we we look back at that now and we ransomware became like the number one story in cyber like threats or became in 2019 for sure but even back in 2013 it started getting big 2014 2015 2019 you know I think it was for me it was the top story in state and local governments in the USA 2020 they say it doubled last year 100% and now it's GNA even be worse in 2021 so my point is this that whole exercise we you know Homeland Security thought of that at seven years before ransomware even became very big and then even 15 years before it's like the number one story so my message to to the people listening and to people watching us is you can learn a lot in these scenarios you can think through things and even think through what might come next and who knows you may even be predicting what's going to happen five years from now in cyber security because bad guys are always looking for new ways to get into our our networks new ways to make money new ways to um to extort money and and so we saw that way before ransomware became popular great that's very interesting Dan so Dan let's let's consider a scenario like this that suppose we have to do do a tabletop exercise sure for an Enterprise can you give a kind of playbook for conducting um tabletop crisis cyber crisis drill so we can start with who like who who are the folks who should be in the room how long should it be what should be the structure what are some best practices what are some dos and don'ts so building a kind of high level structured framework for conducting cyber crisis drill for Enterprise how would you approach that great question so I've been a part of many of those both within government and now in private sector uh working with uh the US it's with infragard with you know federal agencies with us uh state agencies and others um so first of all obviously there are different types of of tabletops um I'm going to talk about one that really for example in Michigan would be a whole of government approach which you know really needs to involve the top Executives so whether it's government but whether it's the private sector like you said it's a large Enterprise you need to really have the decision makers the board members Andor the top you know if you're in agencies if you have different departments those big decisio need to be there because they need to really understand you know what happens when you have a ransomware attack what happens when you have you know you're hacked or you have a data breach what are the steps you need to go through so the first thing I would say is um around that table at a high level you need to have the business Executives included so you need to have elements of of legal you need to have elements of of financial you know your CFO you need to have um obviously in in in government we have police you know the people who are enforcers the security team um the people that are actually going to be implementing this from a technology perspective so cios Chief Information officers also you know different um different types of experts in business area so whatever you know who knows which area might be hit last year the biggest area in the US was hospitals so if this was a hospital tabletop you know the scenarios for doctors might be slightly different than it might be for a government or if it's for a bank it could be different you know what are the different fun functions maybe it hits one part of the bank and maybe not another part of the bank so you want you know you want to make sure those leadership uh roles from all across the Enterprise are there at the table um and that's really important you know getting them involved the other thing is you want to make sure that as you're putting together your scenarios and I would just recommend you know go to in the USA I don't know um you know other parts of the world as well I know the UK and USA very well but you know NIST is a great place to go.
Highlights:
Participants: Include top executives, legal counsel, finance (CFO), security team, law enforcement, and IT (CIO).
Scenario selection: Tailor scenarios to the organization's industry (e.g., hospitals, banks).
Resources: Leverage resources from organizations like NIST (US) for scenario development.
Structure: Define goals, agenda, roles, and desired outcomes beforehand.
Facilitation: Employ a facilitator to guide discussions and keep the exercise focused.
Open communication: Encourage open communication and participation from all attendees.
Debriefing: Conduct a post-drill debriefing to identify areas for improvement.
By carefully planning and executing tabletop exercises, organizations can improve their preparedness for real-world cyberattacks.
Speakers:
Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.
https://twitter.com/govcso
https://www.linkedin.com/in/danlohrmann/
Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.
Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
https://twitter.com/bikashbarai1
https://www.linkedin.com/in/bikashbarai/