By Brennen Schmidt, Principal, ALEUS Consulting Group and speaker at EVOLVE 2025
When your public statement on a crisis gets leaked before it’s even sent, you realize the real crisis isn’t just outside—it might be on the inside, too. How would your leadership team respond under this kind of pressure? What does your team do next when communications likely can’t be trusted?
Like a “ghost in the wires,” a silent threat actor silently undermines your operations, striking your most important systems. Reports of telecommunications breaches in late October 2024 are a clarion call for organizations across sectors, especially given their potential to disrupt governance or erode public trust.
For boards and councils, they underscore an urgent need for improved collaboration between operations and administration teams to prepare for these types of incident response challenges. As disruptive as a situation like this may be, those at the decision-making table must quickly address the immediate threat while maintaining public confidence.
Put another way: What’s more damaging, the crisis itself or the unpreparedness which follows?
Introducing the Tabletop Exercise (TTX)
A TTX can serve as an invaluable way to evaluate how boards, councils, leadership teams, and operational staff would respond to this kind of a situation. By simulating real-world scenarios, a TTX brings together key stakeholders to discuss “what ifs.” The TTX looks to ‘pressure test’ existing policies and procedures. An inject—timely, supplementary information that complicates the scenario—can take the exercise to the next level by introducing realism, while pushing participants to think critically. Injects are what make TTX scenarios truly dynamic, forcing participants to grapple with unpredictable twists—much like what would take place in a real-world situation.
For instance, imagine an inject where a public statement has been leaked, and all existing communications channels—like email or instant messaging—are flagged as compromised. The question becomes: What now? Remember, the clock is ticking. Every misstep potentially risks creating an even larger crisis.
If your team doesn’t have alternative, trusted communication channels already in place, the focus likely shifts from crisis management to damage control. This is precisely why TTX activities are so valuable. TTX exercises can uncover gaps in policies, procedures, or platforms before a ghost in the wires can exploit them.
Pressure testing alternate communications
Consider the same example: with no secure way to coordinate internally, teams may scramble to find workarounds. Without secure internal coordination, decision makers may gravitate toward temporary fixes which can create confusion and potentially introduce new risks.
A TTX could highlight the need to establish and test secure communication channels, like Signal or other encrypted platforms, well ahead of an actual crisis. By embedding these tools in policies and practices, your organization’s decision makers can move from being reactive to proactive—acting with reflexive confidence when it matters most.
The power of a TTX lies in its ability to enable organizations to shift from reactive measures to a continuous state of readiness. In this example, with secure communication systems already in place, key decision makers could approach a public statement leak not with panic but with practiced confidence.
A well-run TTX can potentially transform “what if” scenarios into “we’ve got this” moments. Such moments can give decision makers the clarity and tools they need to succeed under pressure. Even if a “threat actor in the wires” emerges, your organization can be more resilient. For councils and boards, this also means staying “out of the weeds” and, instead, focusing on being the steady hand which can uphold governance while reassuring stakeholders.
Think you’re ready for a “threat actor in the wires”?
Chances are… you’re not! Join Brennen Schmidt at a post-Evolve conference workshop and experience the thrill (and chaos) of a Tabletop Simulation—an interactive workshop that puts your cybersecurity instincts to the test.
Under Cyber Siege: Protecting the Financial Fortress in a Tabletop Simulation
Plus, don’t miss Brennen on November 18 as he helps CPAs unlock the power of AI in his EVOLVE 2025 conference session:
Copilot for CPAs: From Curiosity to Capability
When threats are near or a crisis is clear, Brennen is ready to steer. A leading expert in cybersecurity, emergency planning, and crisis response, he’s widely renowned for turning complexity into clarity. See Brennen’s full bio.
Source: Injecting Chaos: A Threat Actor in the Wires – Brennen Schmidt
