There’s a cyber attack under way. An intruder is inside your network: moving freely, collecting data, and setting up a command-and-control (C&C) node for future communication. Except this time, you’re watching them – you can see what they’re doing. The dilemma remains: what do you do? Allow them to continue traversing the network while you operate, wait for forensic specialists to arrive or find a way to stop them?
Earlier this year, a BBC news report on the Co-op incident claimed that the IT team at the UK retailer “made the decision to take computer services offline, preventing the criminals from continuing their hack”.
The criminals sent a message to the BBC, stating: “Co-op’s network never ever suffered ransomware. They yanked their own plug – tanking sales, burning logistics and torching shareholder value.”
In its statement, Co-op said it “took early and decisive action to protect our Co-op, including restricting access to some systems”, which helped to contain the issue, prevent further data being accessed and protect the wider organisation.
When questioned at the Business and Trade Sub-Committee in July, Co-op representatives did not use the phrase “pulling the plug” directly. But Rob Elsey, group chief digital information officer at Co-op, said VPN and remote access were restricted “as a way of ensuring that we were able to keep the criminals out of our systems”.
Elsey explained that software within its network was “effectively trying to communicate with a threat actor’s website”, and after identifying the source, the team took the proactive measure of pausing all communication within that zone.
This, he stressed, was not “pulling the plug”. Co-op’s systems “are heavily segregated, which means this was very much focused on one specific zone”. He told the committee: “Throughout this, all our online business continued to operate normally, and our retail stores and payments are segmented, so they were not part of this attack.”
Which plug do you pull?
Whether Co-op truly pulled the plug is open to interpretation. But in the wake of recent rulings on ransomware payments, the option to take immediate action may lead to more pragmatic decisions.
Ev Kontsevoy, CEO of Teleport, says that while pulling the plug might be an effective short-term tactic, “it’s a sledgehammer approach, not a strategy”, adding: “Taking systems offline might stop lateral movement or data exfiltration in the moment, but it doesn’t solve the root problem: how attackers got in, how long they were there and what they accessed. It also causes unnecessary business disruption, which is one of the more tangible impacts of cyber attacks these days. We should not be encouraging even more disruption by taking systems offline.”
Tim Rawlins, director and senior adviser at NCC Group, tells Computer Weekly that it is not as straightforward as simply “pulling a plug”. The critical question, he says, is which plug – one connected to the outside world, or one on the internal network?
“When people talk about pulling out the plug, we don’t want them to turn off systems completely, because then we lose all the volatile forensic evidence – the data in memory. If you pull the plug in the classic ‘turn it off, turn it back on again’ sense, that’s what we lose,” he says.
Instead, Rawlins advises proper network segmentation: “You’re trying to make it harder to get from this segment to that segment. It’s either entirely physically separated, or it’s got firewalls with additional role-based access control.”
Segmenting a network, he adds, is best practice regardless. In the event of an attack, it makes lateral movement more difficult. “If you can pull the network plug, not the power plug, then you can reduce the chances of it spreading off one host onto multiple hosts – and really that is where ‘pulling the plug’ comes in,” Rawlins says.
“There is an element of shutting down things you believe haven’t been compromised. If you can see the route they came in, you can get ahead of that and stop access to it. But you need to make sure it fails gracefully. If you just turn a system off – literally pull the plug – a lot of systems will crash.
“You can instead shut them down so they are dormant and not available to be attacked – that’s what a lot of organisations will do. The shorthand is to pull the plug; the longhand is that you’ve got to think about it a bit more carefully.”
Context matters
The issue is not simply whether to pull the plug, but what the situation demands. In a LinkedIn poll this reporter ran on this subject, 55% of respondents said pulling the plug was the best way to stop an attack in its tracks. However, comments on the poll made it clear that it’s not so binary. One respondent said it was “drastic, last resort stuff”. Others stressed the need to consider “architecture, segmentation, critical servers, type of incident and many more data points” before acting.
Tim Anderson, chief customer officer for the UK at CyberCX, explains that while taking servers offline is a common and often effective step, it is not straightforward and can introduce new risks.
“It’s important to target the right systems,” he says. “Given how interconnected modern computer systems are – both internally and to the internet – switching everything off can be complex, time-consuming and disruptive.
“Where possible, our digital forensics and incident responders prefer ‘surgical’ network isolations of specific systems or portions of the network. This effectively disconnects the impacted systems from the internet, rather than pulling the power. It can contain the attack and allow investigators crucial time to understand the scale and impact.”
Pulling the plug, he acknowledges, can sometimes be effective, but it’s not preferred. It can be highly disruptive, and sophisticated attackers often deploy methods of regaining access once systems come back online.
Admission of failure?
Another angle is perception. If you do pull the plug, are you effectively admitting failure? Rafal Los, podcast host and head of services GTM at ExtraHop, suggests yes. “That’s one of the few things I’d fire a CISO for – you’re having a security issue and you have to shut down business? You’re fired,” he says.
Los cites the 2003 SQL Slammer worm as an example of when networks collapsed entirely, leaving shutdown as the only option. But a mere 18 months later, he says, better practices allowed for more surgical interventions, like shutting down specific network segments or ports.
“In 2025, this cannot be a working strategy,” Los argues. “If the answer is ‘shut it all down’, then you’ve got what you perceive to be an uncontrollable bleed in one of your fingers, and your answer is to lop it off.”
He points out that micro-segmentation and zero trust have been discussed for years. If the playbook still ends with pulling the power cable, that signals you’ve lost visibility and control. “At that point, that is every cyber security expert’s absolute worst nightmare,” he says. “I can’t imagine giving the advice to somebody to just shut it down. That sounds, dare I say it, just irresponsible.”
The precedent
Despite these warnings, there are high-profile examples of shutdowns. According to Newsweek, a 2012 cyber attack on Saudi Aramco saw the Shamoon virus delete hard drives, forcing the company to destroy more than 30,000 computers.
Similarly, the 2021 attack on Colonial Pipeline led to several systems being taken offline to contain the breach. That move temporarily halted pipeline operations and disrupted multiple IT systems.
Los acknowledges there are extreme cases where shutting down everything is the only option. But, he said, if that’s the only solution on the table, it reflects being “wholly unprepared as an organisation”.
Rawlins agreed that cutting internet access mid-attack can sometimes make sense, as it deprives attackers of their command-and-control node. But the wider consequences – what else depends on that connectivity – must be weighed.
Final thoughts
Fictional depictions of cyber security often portray pulling the plug as the dramatic solution. But in reality, it’s rarely the final or best option. More often, it reflects poor network architecture or insufficient segmentation.
The true solution lies in preparedness: segmentation, playbooks and rehearsed incident response plans. In cyber security, switching it off and on again may work for some problems – but when it comes to an active attack, it’s rarely the best option.
OpenAI’s chief communications officer, Hannah Wong, announced internally on Monday that she is leaving the company in January, WIRED has learned. In a statement to WIRED, OpenAI spokesperson Kayla Wood confirmed the departure.
“Hannah has played a defining role in shaping how people understand OpenAI and the work we do,” said CEO Sam Altman and CEO of applications Fidji Simo in a joint statement. “She has an extraordinary ability to bring clarity to complex ideas, and to do it with care and grace. We’re deeply grateful for her leadership and partnership these last five years, and we wish her the very best.”
Wong joined OpenAI in 2021 when it was a relatively small research lab, and has led the company’s communications team as ChatGPT has grown into one of the world’s largest consumer products. She was considered instrumental in leading the company through the PR crisis that was Altman’s brief ouster and re-hiring in 2023—a period the company internally calls “the blip.” Wong assumed the chief communications officer role in August 2024, and has expanded the company’s communications team since then.
In a drafted LinkedIn post shared with WIRED, Wong said that OpenAI’s VP of communications, Lindsey Held, will lead the company’s communications team until a new chief communications officer is hired. OpenAI’s VP of marketing, Kate Rouch, is leading the search for Wong’s replacement.
“These years have been intense and deeply formative,” said Wong in the LinkedIn post. “I’m grateful I got to help tell OpenAI’s story, introduce ChatGPT and other incredible products to the world, and share more about the people forging the path to AGI during an extraordinary moment of growth and momentum.”
Wong says she looks forward to spending more time with her husband and kids as she figures out the next chapter in her career.
The UK government has launched a Women in Tech Taskforce, designed to dismantle the current barriers faced by women working in, or wanting to work in, the tech sector.
Made up of several experts from the technology ecosystem, the taskforce’s main aim is to boost economic growth, after the recent government-backed Lovelace report found the UK is suffering an annual loss of between £2bn and £3.5bn as a result of women leaving the tech sector or changing roles.
The UK’s technology secretary, Liz Kendall, said: “Technology should work for everyone. That is why I have established the Women in Tech Taskforce, to break down the barriers that still hold too many people back, and to partner with industry on practical solutions that make a real difference.
“This matters deeply to me. When women are inspired to take on a role in tech and have a seat at the table, the sector can make more representative decisions, build products that serve everyone, and unlock the innovation and growth our economy needs.”
The percentage of women in the technology workforce remains at around 22%, having grown marginally over the past five years, and the recent Lovelace report found between 40,000 and 60,000 women are leaving digital roles each year, whether for other tech roles or to leave tech for good.
When women are inspired to take on a role in tech and have a seat at the table, the sector can make more representative decisions, build products that serve everyone, and unlock the innovation and growth our economy needs Liz Kendall, Department for Science, Innovation and Technology
There are many reasons for this, one being the lack of opportunity to advance their career in their current roles. Research by other organisations has found a lack of flexibility at work and bias also play a part in either preventing women from joining the sector or contributing to their decision to leave IT.
The issues can be traced all the way to school-aged girls, who often choose not to continue with technology subjects. One reason for this is that misconceptions about the skills needed for a tech role make young women feel the sector isn’t for them.
Headed up by the founder and CEO of Stemettes, Anne-Marie Imafidon, the founding members of the taskforce include:
Liz Kendall, secretary of state for science, innovation and technology.
Anne-Marie Imafidon, founder of Stemettes; Women in Tech Envoy.
Allison Kirkby, CEO, BT Group.
Anna Brailsford, CEO and co-founder, Code First Girls.
Francesca Carlesi, CEO, Revolut.
Louise Archer, academic, Institute of Education.
Karen Blake, tech inclusion strategist; former co-CEO of the Tech Talent Charter.
Hayaatun Sillem, CEO, Royal Academy of Engineering.
Kate Bell, assistant general secretary, TUC.
Amelia Miller, co-founder and CEO, ivee.
Ismini Vasileiou, director, East Midlands Cyber Security Cluster.
Emma O’Dwyer, director of public policy, Uber.
These experts will help the government “identify and dismantle” the barriers preventing women from joining or staying in the tech sector across the areas of education, training and career progression.
They will also advise on how to support and grow diversity in the UK’s tech ecosystem and replicate the success of organisations that already have an even gender split in their tech remits.
Collaboration has been heavily pinpointed in the past as being the only way sustained change can be developed when it comes to diversity in tech, with the taskforce working on advising the government on policy, while also consulting on how government, the tech industry and education providers can work together to make it easier to increase and maintain the number of women in tech.
The taskforce will work in tandem with other government initiatives aimed at encouraging women and young people into technology careers, such as the recently launched TechFirst skills programme and the Regional Tech Booster programme, among others.
The first meeting of the Women in Tech Taskforce took place on 15 December 2025.
I love having a whimsical, comfortable wardrobe, and that doesn’t apply just to daytime clothes. My pajama collection is quite extensive, with the added requirement that each pair be both cooling and extra soft. I’m someone who overheats easily in her sleep, and with sensitive skin, it’s not a winning combination.
I’ve been growing my Cozy Earth pajama collection for years, usually getting a new set during Black Friday. Obviously, that shopping event has come and gone, but this sale gives you one more chance. And, believe it or not, it’s even better than what Cozy Earth ran sale-wise for its pajamas during Cyber Week.
Politics1 week ago
Politics1 week ago
Politics5 days ago
Fashion1 week ago
Tech6 days ago
Entertainment1 week ago
Sports5 days ago