Setting the table for safety

This month marks Cybersecurity Awareness month — an entire month dedicated to raising awareness about the importance of cybersecurity. McDonald’s Technical Blog is focusing its content during October to cybersecurity topics.

McDonald’s Global Technology Risk Management organization participates in tabletop exercises (simulations) to test cyber-threat response plans, identify and address any gaps in the plan, and build muscle memory.

by Michael Dobbs, Director, Security Operations Center

Picture this. It’s early on a Monday morning, and as employees begin logging into their computers, an alarming message pops up on their screens. Important files have been encrypted, and to decrypt them, a ransom must be paid within 24 hours to an unnamed source.

As more employees log on for the day, the Global Technology Risk Management (GTRM) Team becomes inundated with alerts. The team immediately jumps into action, and begins implementing the incident response plan to investigate, validate, contain, remediate, and pinpoint root cause, all while extracting valuable lessons for future reference.

The good news…there is no real threat. The GTRM Incident Response team is a running a tabletop exercise. The actions, though, are very real, as the team members are putting their emergency plan for the real situation into practice.

A critical dress rehearsal
Advancements in technology bring an array of benefits, but they can also introduce vulnerabilities, accentuating the need for cybersecurity. Amidst this evolving digital terrain, organizations may gravitate toward proactive defensive measures. One measure is the tabletop exercise — a collaborative approach to cyber-threat preparedness that assesses an organization’s efficacy in enhancing its resilience to cyber threats.

Tabletop exercises are the cybersecurity equivalent of strategic war games. Teams and markets from across McDonald’s come together, diving into scenarios that mimic real-world cyber threats. More than just a technical drill, the role-playing exercises assess the efficiency of response protocols, the clarity of inter-team communications, and the strengths and pitfalls in decision-making, allowing organizations to update or reaffirm their protocols.

By creating a controlled environment to simulate cyber threats, we shed light on our ability to respond to real-world cybersecurity challenges, empower team members to make critical decisions, and pinpoint areas for bolstering our cybersecurity readiness.

Tabletop exercises serve as a barometer for gauging our cybersecurity strengths and resilience. They:

• Evaluate the robustness of our incident response plan, focusing on decision-making prowess during high-pressure situations.
• Spotlight potential bottlenecks, areas of confusion, or inefficiencies in our established processes.
• Assess our long-term recovery strategies and help put plans in place for unexpected variables, such as technical setbacks or the absence of key personnel.

Securing information and our reputation
Cybersecurity incidents wield the potential to do more than disrupt business operations; they hold the power to significantly tarnish a brand’s credibility and trust. Tabletops play a pivotal role in helping ensure that McDonald’s is adept not only at technical responses but also in areas critical to brand reputation, such as effective stakeholder communication and reputation management.

By rehearsing various scenarios, the exercises help prepare teams from across our organization to safeguard our brand image.

• Interdepartmental synergy: Tabletop exercises involve representatives spanning various departments, which helps instill a deeper understanding and foster a heightened level of cooperation throughout our organization. Interdepartmental unity and constructive collaboration prove indispensable when responding to genuine cyber incidents, helping us prepare to have a more cohesive and swift response.
• Regulatory compliance: With regulations like the General Data Protection Regulation and California Consumer Privacy Act placing requirements on businesses, tabletop exercises can help test and visually show compliance readiness.
• Stakeholder assurance: For investors and partners, the knowledge that we regularly conduct and refine our response strategies through tabletop exercises can be a powerful assurance of our commitment to cybersecurity.
• Future readiness: The digital landscape is ever evolving with new technologies, opening the door for new vulnerabilities and attack vectors. Conducting regular tabletop exercises helps us stay ready for future challenges.

Deepening our commitment to cyber safety
GTRM continues to commit resources to expanding measures to holistically test and analyze organizational readiness across all our global markets throughout the year.

Tabletop exercises, though not a new concept, have taken on renewed importance in our digital-first world. As we acknowledge the multifaceted challenges of modern cybersecurity, the depth, frequency, and comprehensiveness of tabletops will likely increase.

By proactively finding vulnerabilities, refining strategies, and fostering a culture of continual learning, tabletops help serve as a lynchpin in the quest for cybersecurity excellence. With the right focus and resources, it helps better position McDonald’s as both reactive and proactive defenders of our digital realms.