03 February 2026
Such breaches are nearly impossible to prevent entirely, prompting a shift in cybersecurity strategy—from solely blocking access to limiting what attackers can reach once inside.
Albert Estevez Polo, Field CTO at Zero Networks, emphasized that resilience hinges on containing threats at their entry point to prevent widespread damage. Reducing the “blast radius” of breaches safeguards critical assets and maintains operations, even when initial defenses are bypassed.
Analysis of 3.4 trillion activities across 400 enterprise environments over a year shows that attack impact depends more on what attackers can access after entry than on how they got in. Notably, lateral movement can compromise over 60% of an environment within an hour of the initial breach.
Key findings include:
- Many threats blend seamlessly with normal activity, appearing legitimate.
- Attackers often exploit common protocols like SMB, RDP, WinRM, and RPC, which are essential for daily operations and cannot simply be disabled.
- Systems that generate fewer alerts, such as Microsoft SQL Server, System Center Configuration Manager, and Active Directory Web Services, are nonetheless critical targets that can grant control over core infrastructure.
- The threat is less about attacker skill and more about organizational failures; a single compromised system can reach nearly all internal systems within minutes, leaving little time for reactive measures.
- Zero Networks has submitted these findings to the UK Parliament’s Public Bill Committee, emphasizing that cyber resilience should focus on limiting lateral movement to protect operational continuity.



