2023 Cybersecurity Table-top Exercise and Ransomware Response Playbook

24-0075
Type:
Member Bulletin
Distribute internally to
Cybersecurity & Technology
Institutional
Legal and Compliance
Operational
Senior Management
Retail

Executive Summary

CIRO conducted two cybersecurity table-top exercises in 2023 for small and medium-sized CIRO member firms. The exercises were designed as a series of case studies where participants discussed crisis responses in small facilitated groups. The goal of the exercises was for small and medium-sized member firms to strengthen their cybersecurity resilience by sharing information and gaining knowledge from peers in the investment industry and from experts in the fields of cybersecurity risk, privacy law, and cyber insurance.

As a result of the exercise, we are publishing a Ransomware Response Playbook which outlines the high-level steps that a member firm needs to take to ensure a timely, coordinated and effective response to a ransomware attack.

1. Cybersecurity Table-top Exercise

1.1 Background and objectives

In 2018, IIROC, one of the predecessor organizations to CIRO, conducted a table-top exercise for small and medium-sized IIROC member firms. Following the success of that exercise, and as stated in our 2022-2023 Compliance Priorities and Annual Priorities, CIRO hosted another exercise in 2023 for the new combined membership of investment dealers and mutual fund dealers.

The exercises were focused on small and medium-sized member firms because they don’t typically have the resources of larger member firms to manage cyber risks. The objectives of the exercise were to:

  • raise awareness of cyber threats that are common to the investment industry,
  • expose gaps between current state and desired resilience, and
  • increase preparedness for likely threats.

The exercises were designed as two separate case studies – a Ransomware incident, and an Insider Threat event – which focused on threat detection, response coordination, and assessment of impact.

1.2 Conducting the exercise

The exercise was conducted in two locations – in Toronto on October 26, 2023, and in Calgary on November 1, 2023. Participants were divided into working groups where they role-played in pre-defined positions within a typical member firm and discussed crisis responses to the scenarios.

Almost 200 individuals from 128 CIRO member firms participated in the exercises. Participants represented a diverse range of roles within CIRO member firms including Governance, Compliance, Cybersecurity, Information Technology, Operations, Sales, and Finance.

The exercises were supported by a number of experts:

  • Juno Risk Solutions Inc. (Juno), who was engaged by CIRO, developed and facilitated the table-top exercises.
  • A working group of IT and security experts from small and medium-sized CIRO member firms provided feedback to CIRO and Juno to help make the exercise scenarios relevant and useful.
  • Representatives from four Canadian law firms (i.e., Bennett Jones, Borden Ladner Gervais, Fasken Martineau DuMoulin, and Norton Rose Fulbright) provided advice to the participants on the legal implications.
  • Representatives from three insurance companies (i.e., Axis Capital, Marsh Canada, and Travelers Canada) provided their expertise on the insurance considerations and also helped facilitate many of the group discussions.

We are very grateful for everyone’s valuable participation and support in making the exercises a success.

2. Ransomware Response Playbook

Ransomware attacks, which continue to be prevalent and are growing in volume and sophistication, have resulted in significant financial losses and caused considerable reputational damage to a number of companies. A timely, coordinated, and effective response to cyber attacks is essential to protect member firms and their investors, employees, and stakeholders.

We have prepared a Ransomware Response Playbook (PDF) that can be used as a guide when dealing with ransomware incidents. We also published a Cybersecurity – Ransomware Notice in 2021 that provides guidance to member firms on some basic steps to take to prevent, detect, respond to, and recover from a ransomware attack.

3. For more information

Refer to the Cybersecurity & Technology section of our website for additional guides and resources that will help CIRO member firms protect themselves and their clients against cybersecurity threats and attacks.
