Limit cyberattacks with a system-wide safe mode

This article first appeared in Harvard Business Review.

Cyberattacks cost companies an estimated half a trillion dollars in damages every year. The main reason they can harm companies to such a staggering degree is that today’s cybersecurity systems use centralized monitoring, with little beyond their main firewalls to protect the rest of an organization. As a result, when companies are hacked, it can take days for information technology teams to isolate infected systems, remove malicious code, and restore business continuity. By the time they identify, assess, and resolve the incident, the malicious code has usually proliferated, almost without limit, across any connected or even tangentially related systems, giving hackers even more time to access sensitive data and to cause malfunctions.

To identify and mitigate evolving new attack scenarios, security systems need to search for anomalies, analyze the probability that they are hostile acts, and incorporate them into a continually expanding list of possibilities.
Claus Herbolzheimer, Partner, Oliver Wyman

To stay ahead of new intrusion techniques, companies need to adopt decentralized cybersecurity architectures, armed with intelligent mechanisms that will either automatically disconnect from a breached system or default to a “safe mode” that will enable them to operate at a reduced level until the effects of cyberattacks can be contained and corrected. Like the general security systems at high-risk sites such as nuclear power plants, companies require multiple layers of redundant safety mechanisms and cybernetic control systems. The goal should be to create “air pockets,” with neither direct nor indirect internet connections, that can protect critical equipment and internet-connected devices. Every company’s cybersecurity program will have unique attributes, but there are several fundamentals to this decentralized architecture that can help companies shift the balance of power away from the attackers.

Even the most expertly designed cyber architecture is useless if it can’t detect and understand the threats it faces. Companies are experiencing more viral cyber outbreaks because they often can’t detect them until it is too late. Today’s cybersecurity systems have been built to detect previously identified malicious code and malware. But cyberattacks are morphing so fast that threat patterns are unpredictable.




About authors

Claus Herbolzheimer is a Berlin-based partner in the Digital and Strategic IT practices.