Piyush Pandey is the CEO of the security and compliance software company Pathlock. Opinions are the author’s own.
Like many industries, the manufacturing sector experiences cyclical peaks and valleys in activity driven by seasonal and project-based demand, requiring companies to process significant increases and then decreases in staffing to match operational needs.
What may seem like a routine process is, in fact, a challenge from the standpoint of identity-related cyber risks. These risks require close attention from manufacturing organizations, especially as the sector remains a prime target for threats. Failure to do so can result in financial losses, data breaches, regulatory violations and serious reputational harm.
Challenges associated with seasonal spikes in manufacturing demand
The materials and products produced typically dictate when seasonal peaks occur.
Chemical manufacturers producing things like fertilizer, for example, experience their peak during the spring, which results in a major spike in hiring for plants as they ramp up production, and a corresponding decrease during summer, only to ramp up again in the fall. Each spike can require a significant number of employees to be onboarded and then offboarded — an unavoidable trend associated with the ebb and flow of demand for the entire industry.
To adjust staffing accordingly, HR, administrative and IT teams are tasked with managing the onboarding and offboarding of these employees. As part of the hiring process, they must ensure each employee is granted the correct access to corporate systems in a timely manner, while also ensuring the access is compliant and doesn’t pose concerns for fraud or operational risks.
Similar concerns exist with offboarding. Access must be removed in a timely manner and the associated account deactivated.
However, in practice, oversights are not uncommon in the sector. Many manufacturers have been slower to adopt automation in user provisioning and access reviews, meaning that IT and administrative personnel must manually perform all tasks related to onboarding and offboarding users, which is time-consuming and error-prone. Doing so exposes an organization to risks of stale accounts with excessive permissions, which can be exploited by malicious actors.
Third-party vendor reliance adds complexity to managing identity-related risks in the sector. Contractors, vendors, staffing agencies and any other users that have access to the company’s digital environment might pose an entry point for attackers if not managed properly.
One cyber risk is a brute-force attack, in which attackers systematically guess login credentials to gain unauthorized access. These cyberattacks are especially hard to detect when stale accounts remain active.
Disgruntled former employees also pose risks. One example involves a disgruntled, former IT worker at a U.S.-based industrial firm. In 2023, the former employee launched an extortion campaign by remotely accessing an administrator account after termination and caused significant operational disruption. The incident underscores the need for timely and secure offboarding, especially for privileged users.
Addressing identity access concerns with automation
To ensure company data security and business integrity during periods of significant staffing changes, it is important for organizations in the manufacturing sector to be proactive in their approach to identity-related risks. This includes continuously evaluating current business processes to identify potential security gaps and providing the resources to ensure provisioning at the onboarding process, as well as continuously monitoring and revoking employee access in a timely manner during offboarding.
Automated provisioning solutions are highly effective in managing these challenges. By granting limited, time-bound access to employees, contractors and vendors during the duration of their time with the company — and leveraging tools like triggers that immediately identify movement of joiners, movers and leavers within an organization — pressure is taken off of individual humans and an organization’s overall risk posture is limited in the process.
For example, by connecting the automated tools managing provisioning and de-provisioning of access rights to HR systems and databases, this technology can establish certain keywords and identify specific attribute-driven access groupings (i.e. users within the finance department with a title of “X” and a location of “Y”) to establish a collection of access permissions appropriate for that specific role. Then, when the user is noted as terminated within the HR system, it will immediately initiate the revocation of that access.
This not only improves precision and efficiency, but also dramatically reduces the time required to manage these processes. While manual provisioning can take two weeks to complete, automated provisioning typically takes two days. This not only benefits the IT and HR teams, but also the newly hired business users, as there is less down time while they are waiting to gain the access necessary to complete their job.
Staying one step ahead
For the manufacturing industry, the importance of having visibility into and control over these processes is paramount. With innovative technologies that leverage automation to streamline these processes and minimize the potential for human error, they can easily improve execution and safeguard the organization from risk.
Too often, companies place themselves at a disadvantage by waiting until audit failures arise or financial loss occurs to take action. By implementing tools and initiating changes in business processes to proactively manage their digital business risk, they can decrease their risk posture, protect critical company data, maintain compliance with regulatory requirements and ensure continued operational efficiency.
