Let Us Cyberattack Your Organization (Simulated, Of Course) To See If You’re Ready For a Real One

Antwan Banks - April 25, 2023

Is your organization ready for a cyberattack?

Not just your IT department. Your whole organization.

Finance. Sales. HR. Fleet management. Drivers. Even your customers.

When a cyberattack hits, it doesn’t just affect the IT department. But in most companies, it’s only the IT people who give much thought to such scenarios.

At NMFTA, we want our members and the entire trucking industry to be as prepared as possible for cyberattacks.

These are known as tabletop exercises, and they simulate cyberattacks on a company.

Antwan Banks, who recently joined NMFTA as director of enterprise security, has run tabletop exercises throughout much of his career – both in the military and more recently with the Metropolitan Atlanta Rapid Transit Authority (MARTA).

“We infected the whole organization with ransomware and we quickly determined that we didn’t have enough cyberinsurance,” Banks said. “We also didn’t have the pre-contracts in place that, if we got hit, we could kick those contracts into place and get equipment moving and get a response team in place. You have to bring in a professional team to find out how they got in.”

To be clear, MARTA wasn’t hit with ransomware for real. But the simulations are very realistic, and they’re designed to put stress on every part of the organization to find out what people would do in response.

Among the issues considered during the exercise:

  • Could the company under attack stop the spread quickly enough to prevent its partners from getting infected as well?
  • Could the company still make payroll?
  • If the company had to trash its computers and get new ones, could it get them quickly enough to return to operation? And could finance be certain there was enough money on hand to pay for them?
  • If a company’s transportation management system (TMS) was knocked out, could the drivers and assets still pick up and deliver goods to customers?
  • How would the company respond if a customer started seeing pop-up signs on its web site?

Banks says one discovery of the exercise was that the organization had “shadow IT systems” – platforms brought in by employees that the IT department didn’t even know about.

Dr. Jeremy Daily, an associate professor at Colorado State University and the leader of the annual CyberTruck Challenge, says it’s important to make the tabletop exercises wide-ranging because of the evolving nature of the threat.

“You’re limited only by the attacker’s imagination,” Daily says. “They might send deepfakes that appear to be from the CEO, or ChatGPT-generated phishing emails. This stuff is really compelling because artificial intelligence (AI) can learn. The weaponization of artificial intelligence creates a very challenging environment to defend against, because you’re always reacting and they’re always one step ahead.”

Banks says organizations often learn through the tabletop exercises that even when they thought they were protected, they really weren’t.

“Some companies have cyberinsurance, so they think, ‘If we get hit, we’re covered.’” Banks says. “But the cyberinsurance may only be $5 million, and you might have a $20 million catastrophe.”

Another issue that often comes up in the tabletop exercises is how to deal with the public in the event the attack affects them, as would have been the case with MARTA. While a trucking company has a different kind of customer base, a cyberattack could impact people all across the country trying to ship or receive packages. It could also affect customers in the event a cyberattacker leaked their information.

“You want to make sure your brand is not harmed, and that people who do business with you don’t lose confidence in you,” Banks says.

The desired outcomes from a tabletop exercise should include:

  • An incident response plan, or updating of existing plans
  • A disaster recovery plan
  • A business continuity plan
  • A clear idea of the necessary data recovery points
  • Sufficient insurance or other contingencies to cover the worst-case scenarios

“You need to have a playbook in the event something happens,” Banks says. “And it needs to be both electronic and paper because if your system gets shut down, you can only read the paper version. So make sure the paper version is updated with the most current version of the playbook.”

We here at NMFTA are constantly working with members to ensure that defenses against cyberattacks are effective. But we also believe it is critical to be prepared.

If you would like to inquire about help in staging a cyberattack tabletop exercise, please contact Antwan Banks at antwan.banks@nmfta.org for more information.

Antwan Banks
Antwan Banks

Antwan Banks is an accomplished cybersecurity professional with extensive experience in various high-profile roles. He currently serving as the director of enterprise security for the NMFTA where he plays a pivotal role in educating the trucking and supply chain industry about the myriad of intricate security risks associated with enterprise networks. Prior to NMFTA, Antwan served as the director of cybersecurity at the Metropolitan Atlanta Rapid Transit Authority (MARTA), where he managed cybersecurity operations and built the Information Security Office to safeguard various systems and networks. Antwan's expertise also extends to his military service as a United States Army Lieutenant Colonel, where he oversaw IT and computer security projects in Germany and the Middle East and served as a military advisor to the Saudi Arabian military Chief Information Officer.