Scary new threats don't necessarily require big changes to your security infrastructure. These simple actions can be more effective and less disruptive. Credit: IDG / Thinkstock If you are like me, you follow world events and news such as Okta being breached by a group of teenagers to see if you need to change your defenses. This may not be a time to roll out new technologies or major changes to your network, as this will introduce other types of risk. Instead, consider taking these steps in response to current events.Block traffic selectivelyBlocking traffic from Russia and Belarus may help you limit noise from your log files, and if you run a customer-facing website, from trolls and spam comments, but blocking their location will not slow a dedicated attacker. They will merely hop on another VPN and come in from another location. If you do want to reduce traffic, review your business needs and limit to those countries and locations that you do business with.Review how you use multi-factor authenticationThe Okta breach made some of us rethink how multi-factor authentication (MFA) is implemented. We tend to roll out push-style MFA to make it easy on the users, but often this lures users into approving prompts without thinking about what is happening. Consider the risks of the users and for what they use MFA. Microsoft is urging folks to move away from prompt-based two-factor authentication to matching an item. Already rolled out to their consumer-based Microsoft account MFA, the company is now using a prompt of a number to match. Keep communications on threats relevant to users and leadershipSending too much communication to staff and management about what should or should not be done is just noise. The sky is not falling, and that noise will only encourage people to tune out the important messages. Send communications only when it is relevant to your firm and can be actionable to your end users.You still need to keep senior leadership informed about what is going on and perhaps what you are seeing in your log files. Use fact sheets on news items and security events, and prepare briefs to show where you have taken action, where you are researching actions to take, and what resources you might need to maintain or complete a goal. Find appropriate information and technical resourcesFind resources regarding how attacks occurred and determine if your firm has the necessary resources to protect itself. For example, recent events in Ukraine used ransomware and disk wiping software to do the most damage. Do you have the resources to restore or redeploy systems? Do you have resources to withstand DoS attacks?Ensure that someone on your staff watches social media sites for information on attacks and methodologies. Twitter often has insight and information into events. Even if you don’t tweet, you can set up an account watch what others say. Start with a recommended list of tweeters, and then look at who they follow and add them to your list. The SANS Internet Storm Center is also another excellent resource for information about incidents and events.If you have a Microsoft’s 365 E5 license, you can review threats on the Threat Analytics website. The console provides actionable information regarding the attacks Microsoft is investigating. You can drill down in the console to review recommendations for mitigation and prevention. Susan BradleyThreat Analytics consoleYou will often see recommended Attack Surface Reduction (ASR) rules to block and protect machines. You can often enable ASR rules without any major side effects, but it’s recommended to roll these rules after testing. I highly recommend that you start an analysis of the impact of such rules in your network. Susan BradleyThreat Analytics recommended Attack Surface Reduction rulesTo stay up to date on global threats, pay attention to government advisories. In particular, review two documents that were released as a result of potential Russian cyber activity: the White House’s Fact Sheet: Act Now to Protect Against Potential Cyberattacks and the Cybersecurity & Infrastructure Security Agency’s (CISA’s) Shields Up advisories. If you are part of a government network or critical infrastructure, the Information Sharing and Analysis Center (ISAC) for your industry will also have relevant information on recent threats. Related content feature The biggest data breach fines, penalties, and settlements so far Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes have cost these companies a total of nearly $4.4 billion and counting. By Shweta Sharma and Michael Hill Apr 26, 2024 16 mins Data Breach Security news New CISO appointments 2024 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Apr 26, 2024 14 mins CSO and CISO IT Jobs IT Governance news Top cybersecurity product news of the week New product and service announcements from Forcepoint, Ionix, Amplifier Secutiry and Torq. By CSO staff Apr 26, 2024 81 mins Generative AI Security feature Looking outside: How to protect against non-Windows network vulnerabilities Security administrators who work in Windows-based environments should heed the lessons inherent in recent vulnerability reports. By Susan Bradley Apr 25, 2024 7 mins Windows Security Network Security Security Practices PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe