Practice Makes Perfect: Tabletop Exercises You Can Do With Your Team

When you want to get better at sports, singing, or sales what do you do? Practice! When it comes to the cybersecurity of your dealership, running through attack scenarios can be crucial to your response in a real event. It can also offer insight into the strengths and weaknesses of your current incident response protocols. These tabletop drills with your team don’t have to be a daunting task. Here are some exercises to practice with your team.

The Malware Attack

Oh no! An employee plugs a thumb drive belonging to the dealership into their personal computer. Now the drive is infected with malware. Once they reinsert it into their work computer, it infects the dealership’s system with the same malware.

What do you do?

Questions to discuss with your team:

• Who within the dealership would you need to notify?
• How would your organization identify and respond to malware infected systems?
• What other devices could present similar threats?
• What should management do?
• How can you prevent this from happening again?
• Do you have training policies in place for all team members?

The Unplanned Attack

A group of hackers is threatening your dealership. They have reached out to you for a sum of money and threatened to attack your dealership’s systems if you don’t comply. You have no knowledge of what kind of attack they are planning. What could you do to best protect your business?

Question to discuss with your team:

• What are the potential threat vectors?
• Have you checked your patch management status?
• Can you increase monitoring of your IDS and IPS?
  • If you don’t have access to do this yourself, do you have a third-party team that can assist?
• What organizations could assist you with analyzing malware?
• How do you alert the help desk?
• Does your Incident Response Plan account for unplanned situations?

The Cloud-based Attack

One of the teams in your dealership frequently uses outside cloud storage for their data. With the nature of your business, this data is considered sensitive customer information. Uh-oh! You have been notified that the cloud storage provider has been compromised by an attack. Now you’re faced with the possibility that all user data stored in that application has been compromised.

What now?

Questions to discuss with your team:

• Does your dealership currently have policies that address third party cloud storage?
• What actions and procedures would be different if this were a data breach of your dealerships’ network?
• What should the management team do?
• What and when do you communicate with the customers who have been impacted?

Cyberattacks can be scary, but being prepared is one of the best defenses your dealership can have. Knowing how to navigate different scenarios and being able to identify areas you may need extra support in will prove invaluable in the event of a real attack. Take these exercises back to your team and see how your response plans account for these scenarios. With a little collaboration and a lot of planning you can build your defenses against any cyber foe.