Cybersecurity in Manufacturing: Are Seasonal Hires a Risk?

The final quarter of the year is a period of immense pressure for manufacturers and their supply chain partners. As retailers navigate their peak trading season, the demand for production and logistics intensifies.

This operational complexity is compounded by a growing cyber threat, turning the seasonal hiring boom into a potential security risk.

Following a year where cyber attacks have impacted major companies such as M&S, JLR and Balenciaga, the focus must be on maintaining operational integrity. For manufacturers supplying these global brands, the challenge is twofold: meeting exceptional production targets while securing digital infrastructure against a crowded threat landscape.

The convergence of seasonal staffing, increasing demand and cyber threats makes identity management a fragile yet critical control.

Peak production and heightened cyber risk

For manufacturers, the retail sector's "Golden Quarter" translates into a period of maximum output. Any disruption can have significant consequences for downstream partners and annual revenue.

The reliance on digital platforms for managing production schedules, inventory and logistics makes these systems prime targets for cyber criminals. An outage or data breach during this peak window could halt production lines, disrupt supply chains and damage commercial relationships.

Rex Booth, CISO at SailPoint, notes that while businesses are focused on sales, cyber vigilance is essential.

He says that businesses will be “betting on the Golden Quarter and Black Friday to rebuild customer confidence and boost sales following the slew of cyberattacks this year”.

However, Rex warns that increased activity often attracts malicious actors.

Temporary workers and identity management challenges

To cope with demand, manufacturing and logistics firms onboard large numbers of temporary staff – often at great speed. These workers require immediate access to critical systems, from warehouse management platforms to production line controls.

The process, if not managed correctly, can introduce major security gaps.

“Organisations will be onboarding huge volumes of seasonal staff at speed, many of whom will be given instantaneous access to critical systems without proper training and with minimal vetting,” Rex explains.

“Businesses need visibility of who can access what and when – or else an influx of staff coming and going could become a gateway for attackers.”

This rapid onboarding can lead to 'identity sprawl'. The use of generic logins for temporary teams or the reliance on manual processes to track access rights creates blind spots that attackers can exploit.

Furthermore, when the seasonal rush ends, these temporary accounts are not always de-provisioned promptly. These dormant credentials can leave an open door for threat actors long after the employee has left.

Strengthening defences with identity security

Modern manufacturing operations are highly interconnected. Enterprise resource planning (ERP) systems, manufacturing execution systems (MES) and logistics platforms are linked via APIs and cloud services.

This integration means a single compromised identity could allow an attacker to move laterally across business-critical infrastructure, causing widespread disruption beyond data loss.

Locking down systems during a security incident could stop order processing and delay shipments at the worst possible time.

Rex continues: “Identity security tools automatically deactivate dormant accounts of departing employees and ensure current staff only have access to what’s needed for their roles – no more, no less. This makes it harder for attackers to fly under the radar undetected.

“In today’s threat landscape, it only takes one compromised identity and retailers could be facing weeks – or even months – of operational chaos and disruption.”

Even with robust access controls, firms must assume some identities will be compromised. Monitoring user activity for unusual patterns is a crucial line of defence. This could include logins from unexpected locations or attempts to access systems outside a worker’s usual remit.

Platforms like SailPoint use behavioural analytics to flag risky activity, enabling security teams to act. In a high-pressure production environment, this intelligence can be the difference between isolating an intrusion early and discovering it after considerable operational damage has occurred.