Zero trust not a fix-all solution to cyber threats

Zero-trust controls will not be able to sufficiently protect systems against 50% of cyberattacks, such as social engineering attacks and API-based threats, by 2026, indicating that the technology is not a silver bullet against cyber threats, according to VentureBeat. Moreover, measurable and mature zero-trust programs are expected for only 10% of large enterprises by 2026, compared with only 1% this year, a Gartner report showed. Increasing attacks targeted at cloud attack surface segments are poised to reduce the efficacy of zero trust and would require organizations to implement stronger defenses in addition to access controls, said Gartner. "The enterprise attack surface is expanding faster and attack[er]s will quickly consider pivoting and targeting assets and vulnerabilities outside of the scope of zero-trust architectures (ZTAs). This can take the form of scanning and exploiting of public-facing APIs or targeting employees through social engineering, building or exploiting flaws due to employees creating their own bypass to avoid stringent zero-trust policies," said Gartner VP Analyst Jeremy D'Hoinne.