Scary new threats don't necessarily require big changes to your security infrastructure. These simple actions can be more effective and less disruptive. Credit: IDG / Thinkstock If you are like me, you follow world events and news such as Okta being breached by a group of teenagers to see if you need to change your defenses. This may not be a time to roll out new technologies or major changes to your network, as this will introduce other types of risk. Instead, consider taking these steps in response to current events.Block traffic selectivelyBlocking traffic from Russia and Belarus may help you limit noise from your log files, and if you run a customer-facing website, from trolls and spam comments, but blocking their location will not slow a dedicated attacker. They will merely hop on another VPN and come in from another location. If you do want to reduce traffic, review your business needs and limit to those countries and locations that you do business with.Review how you use multi-factor authenticationThe Okta breach made some of us rethink how multi-factor authentication (MFA) is implemented. We tend to roll out push-style MFA to make it easy on the users, but often this lures users into approving prompts without thinking about what is happening. Consider the risks of the users and for what they use MFA.Microsoft is urging folks to move away from prompt-based two-factor authentication to matching an item. Already rolled out to their consumer-based Microsoft account MFA, the company is now using a prompt of a number to match. Keep communications on threats relevant to users and leadershipSending too much communication to staff and management about what should or should not be done is just noise. The sky is not falling, and that noise will only encourage people to tune out the important messages. Send communications only when it is relevant to your firm and can be actionable to your end users.You still need to keep senior leadership informed about what is going on and perhaps what you are seeing in your log files. Use fact sheets on news items and security events, and prepare briefs to show where you have taken action, where you are researching actions to take, and what resources you might need to maintain or complete a goal. Find appropriate information and technical resourcesFind resources regarding how attacks occurred and determine if your firm has the necessary resources to protect itself. For example, recent events in Ukraine used ransomware and disk wiping software to do the most damage. Do you have the resources to restore or redeploy systems? Do you have resources to withstand DoS attacks?Ensure that someone on your staff watches social media sites for information on attacks and methodologies. Twitter often has insight and information into events. Even if you don’t tweet, you can set up an account watch what others say. Start with a recommended list of tweeters, and then look at who they follow and add them to your list. The SANS Internet Storm Center is also another excellent resource for information about incidents and events.If you have a Microsoft’s 365 E5 license, you can review threats on the Threat Analytics website. The console provides actionable information regarding the attacks Microsoft is investigating. You can drill down in the console to review recommendations for mitigation and prevention. Susan BradleyThreat Analytics consoleYou will often see recommended Attack Surface Reduction (ASR) rules to block and protect machines. You can often enable ASR rules without any major side effects, but it’s recommended to roll these rules after testing. I highly recommend that you start an analysis of the impact of such rules in your network. Susan BradleyThreat Analytics recommended Attack Surface Reduction rulesTo stay up to date on global threats, pay attention to government advisories. In particular, review two documents that were released as a result of potential Russian cyber activity: the White House’s Fact Sheet: Act Now to Protect Against Potential Cyberattacks and the Cybersecurity & Infrastructure Security Agency’s (CISA’s) Shields Up advisories. If you are part of a government network or critical infrastructure, the Information Sharing and Analysis Center (ISAC) for your industry will also have relevant information on recent threats. Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Vulnerabilities Security brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe