Implementing a zero-trust architecture with a trust-score system for users and a dynamic policy for accessing resources can help to limit potential damage in the event of a security incident. But I agree that the balance between protecting against attacks and maintaining productivity can be delicate.
