Easy to say.
IMHO the only workable long-term defence is heterogeneity - supported
by distribution, redundancy and just taking the simple things
Business has spent the last few decades discarding heterogeneity and
the bigger they are, the more comprehensively they have discarded it.
Companies that are floor to ceiling and wall to wall Windows.
Centralised updates, centralised networking, centralised storage,
centralised ops teams, and (typically) a culture of sharing. A
relentless prioritising of convenience over security. For goodness'
sake, even the NSA had the attitude that "if you are this side of the
drawbridge you must be OK"!
We need to start building systems that are not seamless, that are not
highly interchangeable, that are not fully interconnected, and we have
to include our human systems in that approach.