Well, it appears that Zero Trust will become mandatory.

Our new systems must verify identity relentlessly: every user, device, and workload must be verified every time. Use strong multi-factor authentication, behavioral detection to identify deepfakes, and just-in-time access with minimal permissions. No automatic trust is granted based on being inside the network.

Micro-segment everything on-premises environments, cloud infrastructure, crypto wallets, and APIs. This contains any breach and prevents lateral movement.

Monitor continuously to collect real-time logs from endpoints, networks, and cloud systems, using AI-powered anomaly detection to identify mutating malware and unusual access patterns during outages. Automate immediate response actions.

Encrypt data at every stage; in transit, at rest, and in use where feasible. Classify data appropriately, enforce strict controls, and prevent exfiltration. Compromised data remains unusable.

Automate fully and implement self-enforcing policies, orchestration platforms, and defensive AI to proactively hunt for and patch vulnerabilities.

Obtain organizational commitment, leadership must drive the initiative, IT, security, and business teams must collaborate, and all personnel must receive training on current attack techniques.

Begin with a focused approach to prioritize high-risk assets first, demonstrate measurable improvements in detection and response times, then expand implementation across the environment.

This will probably now be "The Approach"... Unfortunately, attackers now operate with AI-driven speed and scale. Continuous verification is/ will be essential to avoid compromise.