Playing chess with APTs

During a briefing from the top security analyst at one of the Washington-area cyber centers, I got the idea that resisting targeted attacks from sophisticated adversaries (so-called advanced persistent threats, or APTs) is a bit like playing chess at the grand master level.

Image source: Flickr/Frank Black Noir
Security efforts disproportionately emphasize endpoint anti-malware. But users, desktops and devices are only the pawns on the board (who, unfortunately often hold the crown jewels – your data).

Sophisticated attackers adeptly perform the necessary intelligence-gathering to find just the right social vulnerabilities for the person of interest and the right technical vulnerabilities for the device. Once exposed, most useful devices are easily compromised by targeted malware exploits riding on the back of spear phishing or similar attacks.

Is your CU using the rook, or castle, to provide a strong defense in your own chess game?