Gartner predicts that owing to the growing enterprise attack surface, more than half of cyber threats will target vulnerabilities that zero trust controls do not cover or cannot mitigate.
According to the prediction, by 2026, 10% of large enterprises will have a mature and measurable zero-trust program. But most importantly, he zero-trust approach to security will only minimize potential threat and make successful attacks less harmful, but companies should not expect zero-trust guidelines to be easy to implement or to prevent most attacks.
Gartner says that zero trust adoption is slow, and threat actors are shifting their focus to areas other than zero trust coverage. It goes on to say that while most organizations were considering zero trust, only a few had fully implemented zero trust.
Exploiting vulnerabilities in software and hardware, as well as using stolen or compromised credentials, could be used by hackers to circumvent zero trust protections. Threat actors may also conduct spear-phishing campaigns aimed at specific individuals, gain physical access to devices and network infrastructure, and use malware or other malicious software to gain access to systems and data.
In the end, Gartner recommends that chief information security officers (CISOs) chief information security officers (CISOs) and risk assessment chiefs should create an efficient zero-trust tactic which helps balance the need for safety with the requirement to run the business. Furthermore, organization should develop zero trust first in order to secure the most critical assets with the highest return on risk mitigation.
The sources for this piece include articles in CPOMagazine and Datacenterknowledge.