On December 8, 2021, CU*Answers facilitated a virtual tabletop exercise for credit unions in Battle Creek, MI as part of the training and testing phase for strengthening their incident response program. Participants began with an overview of the stages involved in a typical response, from detection to recovery. From there the exercise shifted to a walk-through of the incident response plan, leading to a simulated ransomware attack scenario. Injects were added at 10-minute intervals with questions for the response team at each point, based on the information at hand.

“The tabletop exercise should not be viewed strictly as pass/fail, as we’ve seen in many instances,” stated Jim Lawrence, VP of Operations and Business Continuity at CU*Answers. “They are instrumental at all stages of the plan development cycle, to help identify where weaknesses exist in both awareness and training of staff, and as a measure of program maturity so that adjustments can be made to reach your desired target state.”

“Objectives for the exercise should be decided in advance, and audience selected within a specific scope. Conversations that take participants deep into the weeds are necessary for some groups but may alienate others, minimizing the overall effectiveness of the program. Having an experienced facilitator can be a valuable resource to help credit unions achieve their goals.”

The exercise concluded with an evaluation of the lessons learned and recommendations for response policies, procedures, and processes, as well as the information security program itself. Additional information about Incident Response services including tabletop exercises from CU*Answers is available on their website.