Scale IR Tabletop Exercises — Best Practices & Steps to Build a Plan

Scale IR Tabletop Exercises — Best Practices & Steps to Build a Plan

Adversarial Exposure Validation (AEV) platforms are emerging to standardize, automate, and globally scale tabletop exercises, enabling organizations to measure human readiness and strengthen incident response (IR) alignment with frameworks like DORA and NIS2. This addresses the increasing complexity of modern security operations.

This shift is essential because ideal security models often fail in practice due to human error, configuration drift, and the speed at which attackers adapt. A single missed update or weak integration can create major openings, resulting in significant financial losses and reputational damage—the recent Salesforce breach attributed to the ShinyHunters group, stemming from a Gainsight-linked app, highlights the risks of the SaaS integration supply chain.

Key Insights

• 15.72 Tbps DDoS Attack, 2025-11: Microsoft mitigated a record-breaking DDoS attack targeting an Australian endpoint.
• Prompt Injection & AI Security: Security flaws in AI coding assistants like Cline demonstrate the need to treat system prompts as sensitive data, securing AI agents as a whole.
• JustAskJacky Malware Prevalence, October 2025: The JustAskJacky malware family was the most prevalent threat, highlighting the rise of malicious AI-powered tools.

Practical Applications

• Microsoft’s DDoS Mitigation: Microsoft automatically detected and neutralized a 15.72 Tbps DDoS attack, demonstrating proactive cloud security capabilities.
• Pitfall: Relying on outdated security practices or neglecting SaaS integration security can lead to data breaches and significant financial losses, as seen with the Salesforce/Gainsight incident.

References:

• https://thehackernews.com/2025/11/weekly-recap-fortinet-exploit-chrome-0.html