Date: 2026-02-05

Is overconnectivity putting your business at risk? asks Michael Vallas, Global Technical Principal at Goldilock Secure.

Over the last twenty years, IT strategies have been driven by the need to connect everything. Remote access became standard, and network layers and APIs multiplied as systems were integrated in the name of efficiency and scale. But that hyper-connectivity is better termed over-connectivity, and it comes at a cost. In 2025 alone, cyber-attacks rose by 50 per cent, highlighting just how much risk organisations have embedded into their own environments.

What’s more, the UK Government’s Cyber Action Plan, alongside more aggressive threats like the recent wave of DoS attacks against local government and UK CNI operators, is forcing businesses and public services to rethink the size and danger of the attack surfaces they’ve created. As a result, we’re seeing more organisations move away from always-on connectivity towards an approach where systems are only connected where and when needed to deliver their core function.

While techniques that try to reintroduce hard boundaries and firebreaks inside networks, like air-gapping and logical micro-segmentation, have brought us part of the way there, they still rely on software and identity access controls, which attackers can subvert and are becoming adept at sidestepping.

That’s why company leaders should be looking at combining logical controls with technologies that can physically control connectivity on demand.

As organisations have raced to become more connected, their digital environments have become ever more complex and inevitably harder to control to the nth degree. Yet, when a new vulnerability or threat appears, many organisations respond by bolting on yet another security tool, patch or integration. While each of these might address a specific risk, they often lead to a fragmented security posture that inadvertently hides microscopic blind spots that attackers exploit through subversion, concealment and impersonation techniques.

At the same time, adversaries are using automated and AI-driven attacks that can think, spread and adapt in real time without human input. In those moments, software-only defences still depend on the very systems being attacked. While firewalls and endpoint security are still important layers in any security posture, relying on software to fix software weaknesses creates a fragile dependency that can’t guarantee safety.

The answer isn’t to abandon digital defences, but to enhance them with ground-up resilience that remains effective even when the software has been compromised.

Not everything needs to be online, all the time

Cybersecurity doesn’t have to be complicated everywhere to be effective. However, complexity risks being universal. The average organisation now manages 83 security solutions from 29 vendors, which helps explain why the industry norm is to take 84 days to contain a threat. Therefore, organisations that focus on fundamentals like clarity, control and defined isolation can end up far better protected than those relying on fragmented tool stacks.

This shift starts with reassessing how much of your infrastructure truly needs to be online. Today’s default strategy is always-on connectivity, but keeping everything on all the time also creates constant exposure. Sensitive data, critical systems and backups that don’t need constant internet access shouldn’t be left open to attackers simply out of habit.

By physically separating systems from the network, risk becomes easier to manage and connectivity becomes a simple, binary choice where systems are either connected or they are not. As cyber threats grow more frequent and more sophisticated, organisations are increasingly combining logical controls with hardware-enforced network isolation. These technologies allow servers to be disconnected and reconnected instantly using secure, out-of-band controls that don’t rely on the compromised network and that sit outside the view of the attackers.

Why physical control matters

True cyber resilience comes from knowing exactly when and where to disconnect key assets. By selectively disconnecting critical assets or business zones at the right time and in the right places, organisations can regain total control of their security posture without disrupting their day-to-day operations. The key to modern deployment of this firebreak method lies in that control and being able to connect and isolate systems instantly – either automatically or at the touch of a button – so that exposure is reduced while business continuity is maintained.

When a security breach does happen, the ability to physically control the containment of a threat by creating a clean physical break gives security teams and boards alike a powerful way to stop threats in their tracks, particularly aiding cleanup and recovery. Crucially, it also demonstrates the methods of control insurers now scrutinise during a breach investigation before approving any payout, reducing the risk of a single incident becoming a costly, multi-million-pound claim.

Unlike software defences like firewalls or virtual LANs, isolating systems at the hardware level addresses novel software attacks, limits lateral movement and reduces the blast radius of an attack to a fraction of what it would otherwise be.

This capability dynamically renders selected parts of the network invisible, providing a new standard of control for cyber security, especially in high-stakes environments such as public services, data centres and financial institutions, where resilience expectations are only increasing and any downtime carries serious operational, financial or regulatory consequences.

Even fortresses need firebreaks

The goal isn’t about retreating into isolated, air-gapped islands everywhere. For organisations planning ahead, the focus is shifting to taking back physical control over network security and connectivity. That means designing interconnected networks as protected zones, with deliberate, well-placed firebreaks that keep attack surfaces as small as possible and turn breaches into containable incidents instead of company-wide disasters.

By right-sizing connectivity against the live threat level and asset criticality, businesses can dramatically reduce both the exposure and impact of an attack. One compromised system no longer paralyses the entire business, ransomware can’t spread unchecked, and incidents can be readily isolated and recovered from.

For businesses worried that technologies like AI will amplify attacks, the priority should be on proactively putting the right systems, strategies and response plans in place. These measures will ensure that even when your business is breached, operations can continue uninterrupted before recovering in as little time as possible. Importantly, true resilience doesn’t mean assuming high walls stop every attack; it’s about having a clear, actionable plan that contains threats, limits disruption and keeps the business running smoothly even if you are compromised.