Experts agree that a cyber conflict with physical ramifications outside of a traditional kinetic conflict is unlikely. But they also believe the cyber vector is a new force multiplier in nation-state conflicts. Whether APTs are targeting infrastructure, corporations or governments, there is a strong need for public/private collaboration to improve security.
“Enhanced situational awareness based on reliable threat intelligence is critical to forming effective defense strategies against these advanced threat actors. Without a thorough understanding of the threat, defensive strategies and spending will be inefficient at best and ineffective at worst,” said Hensley.
Hensley advocates a layered security process and controls, continuously applied and updated based on ongoing visibility of evolving threats. Security processes and controls should include vulnerability lifecycle management, endpoint protection, intrusion detection/prevention systems, firewalls, logging visibility, network visibility and security training.