TrollEye Security

How General Bank of Canada Refined Their Incident Response With a Tabletop Exercise

After General Bank of Canada (GBC) rigorously assessed and validated their security investments with an in-depth red teaming exercise, they wanted to debrief with their entire team. That’s why, even before the red teaming assessment was conducted, GBC knew they needed to conclude with a tabletop exercise.

By simulating custom-built attack scenarios informed by the prior red teaming assessment, GBC rigorously tested its detection, containment, and response capabilities. This structured exercise not only validated their security investments but also improved understanding across teams and leadership.

Enhanced Awareness and Preparedness

The exercise improved awareness across teams, from business executives to security personnel, helping them understand the findings from the red teaming assessment and the real-world risks they posed.

Refined Incident Response Strategies

Walking through the simulated attack scenarios as a team helped refine detection, containment, and recovery processes, ensuring the organization is better prepared to respond to future incidents.

Strengthened Cross-Team Collaboration

The collaborative nature of the exercise fostered stronger communication and coordination between departments, enhancing overall incident response effectiveness.

About General Bank of Canada

General Bank of Canada (GBC) is a federally regulated Schedule I Canadian chartered bank and a member of the Wheaton Group of Companies. Committed to financial innovation and security, GBC provides a range of loan and deposit solutions across Canada, with a strong focus on automotive, aviation, and equipment financing.

The Assessment That Led Up to Our Tabletop Exercise

Before conducting the incident response tabletop exercise, our red teaming engagement played a crucial role in assessing and validating the General Bank of Canada’s security posture. Operating covertly, the red team executed a real-world attack simulation, employing a combination of attack vectors, including internal and external penetration testing, social engineering, physical testing, and dark web threats.

The insights gained from these assessments directly shaped the structure of the incident response tabletop exercise, ensuring that it reflected real-world threats.

How We Conducted Our Tabletop Exercise and Who Benefited From It

We conducted the incident response tabletop exercise by simulating an attack scenario based on findings from our red teaming assessment. The goal was to create a realistic assessment that challenged participants to apply incident response protocols in real time. Key personnel, including executives, IT staff, and security teams, were engaged to ensure both technical and strategic perspectives were represented.

The scenario began with an insider threat gaining initial network access through compromised credentials. It escalated to lateral movement across systems, testing the team’s ability to detect unauthorized activity and contain the breach. The final phase introduced a mock ransomware deployment, forcing participants to consider containment, data recovery, and regulatory implications. The exercise’s complexity ensured every stage of the response process was evaluated.

The same team that conducted the red teaming assessment guided the exercise, maintaining realism while encouraging critical thinking. Teams assessed tactics, processes, and procedures, identifying gaps and exploring alternative strategies. The exercise concluded with a structured debrief, where teams reviewed performance, discussed key takeaways, and identified areas for improvement. 

By walking through the scenario as a team, the organization gained deeper insights into its strengths and vulnerabilities, allowing everyone, from the risk and compliance team to executives, to better understand the organization’s security posture.

Adam Ennamli
Chief Risk Officer at The General Bank of Canada
The incident response table-top exercise proved extremely valuable in testing our detection capabilities, containment strategies, and recovery processes. The exercise simulated a network compromise scenario involving an insider threat, lateral movement through the network, and potential ransomware deployment. Our incident response process worked exceptionally well, with the vigilance of users at every step demonstrating the strength of our security posture. The exercise highlighted the importance of continued testing and practice to maintain readiness against evolving threats.

Learn More About Our Incident Response Table-Top Exercises

For organizations looking to elevate their incident response readiness, a tabletop exercise is an essential step in identifying gaps, improving coordination, and ensuring teams are prepared to face evolving threats. At TrollEye Security, we specialize in crafting tailored, realistic exercises that challenge and empower organizations to strengthen their defenses.

To learn more about how our incident response table-top exercises can enhance your security strategy and better prepare your teams for real-world incidents, contact TrollEye Security today. Let us help you build resilience through preparation.
