Posted on: 7 May 2026
Why OT and IT credential convergence is the energy sector’s defining vulnerability
The February 2021 attack on Oldsmar's water treatment facility in Florida began with a single compromised credential. Within minutes, an attacker had gained remote access and attempted to poison the water supply for 15,000 residents by increasing sodium hydroxide levels to dangerous concentrations. Only quick intervention by an on-site operator prevented catastrophe.
This incident crystallises a fundamental shift in critical infrastructure security. As operational technology (OT) systems converge with IT networks, the traditional air-gap defence has dissolved. What remains is an authentication architecture designed for office environments, now protecting systems that control power grids, refineries, and water supplies.
The convergence problem
Energy sector organisations face an unprecedented authentication challenge. Legacy OT systems, designed for isolation and reliability, now require connectivity for efficiency and monitoring. Meanwhile, IT systems demand flexibility and user convenience. The result is a hybrid environment where industrial control systems share network infrastructure with corporate applications, each governed by incompatible security models.
The complexity multiplies across typical energy infrastructure. A single facility might host distributed control systems managing turbines, SCADA networks monitoring transmission lines, enterprise resource planning systems tracking maintenance, and cloud-based analytics platforms optimising performance. Each system requires authentication, yet none were designed to work together securely.
This convergence creates what security researchers term "credential sprawl" – the proliferation of usernames, passwords, certificates, and tokens across systems. Workers managing both IT and OT systems often reuse credentials or store them in accessible locations to maintain operational efficiency. The result is an expanded attack surface where compromise of any single credential can cascade across both domains.
The scale of exposure
Recent data reveals the magnitude of this vulnerability. The 2023 Verizon Data Breach Investigations Report found that 49% of breaches involved stolen credentials, with critical infrastructure sectors experiencing a 13% increase year-over-year. Within energy specifically, the Industrial Control Systems Cyber Emergency Response Team reported 70 incidents in 2022, with 43% attributed to credential-based attacks.
More alarming is the convergence trend itself. Dragos Inc.'s 2023 Industrial Cybersecurity Year in Review found that 74% of industrial organisations now have some level of IT-OT network convergence, compared to 52% in 2020. Yet only 31% have implemented unified authentication policies across both domains.
The financial implications are substantial. According to IBM's Cost of a Data Breach Report 2023, critical infrastructure breaches cost an average of $5.04 million – 4.5% above the global average. For energy companies specifically, operational disruption costs can exceed security remediation by a factor of ten, as extended outages trigger regulatory penalties and customer compensation requirements.
Perhaps most concerning is the persistence problem. Mandiant's M-Trends 2023 report found that attackers maintain access to critical infrastructure networks for an average of 146 days before detection. During this period, they often establish multiple credential-based footholds, making complete remediation extremely difficult.
Why current solutions fall short
Traditional identity and access management approaches prove inadequate for this converged environment. Single sign-on systems, designed for IT convenience, often cannot integrate with industrial protocols. Privileged access management tools may protect high-value accounts but leave standard OT credentials exposed. Multi-factor authentication, while valuable, can be bypassed through credential stuffing or social engineering.
The fundamental problem lies deeper than tool selection. Most authentication systems assume users should create, know, and control their own credentials. This user-centric model prioritises convenience over security, allowing password reuse, weak credential selection, and insecure storage practices.
Zero Trust architectures, increasingly popular in enterprise IT, face similar limitations in OT environments. While continuous verification improves security posture, these systems still rely on initial credential-based authentication. If those underlying credentials are compromised, Zero Trust verification becomes meaningless.
Rethinking credential control
A structural solution requires abandoning user-controlled credentials entirely. Instead of allowing workers to create and manage authentication tokens, organisations must generate, distribute, and revoke every credential through centralised systems. Users should never see, store, or control the credentials that grant them access.
This approach, exemplified by solutions like MyCena's patented credential control technology, inverts the traditional model. Rather than protecting user-held credentials, it eliminates user credential visibility entirely. Access becomes unphishable because workers cannot inadvertently share what they do not possess.
The technology encrypts and distributes credentials automatically based on role requirements and security policies. When access is needed, the system provides temporary, encrypted tokens that authenticate without user knowledge. Revocation becomes instantaneous since credentials exist only within the managed system.
For energy sector applications, this model addresses both IT and OT requirements. IT systems benefit from seamless authentication without password management overhead. OT systems gain modern authentication capabilities without compromising operational reliability. The unified approach eliminates credential sprawl by centralising all authentication tokens under organisational control.
The strategic imperative
Energy sector leaders face a clear choice. The convergence of IT and OT systems is irreversible, driven by efficiency demands and digital transformation initiatives. Traditional credential management approaches, designed for simpler environments, cannot secure this new reality.
Regulatory pressure compresses this timeline. The EU's NIS2 Directive, effective October 2024, explicitly requires critical infrastructure operators to implement "state-of-the-art" cybersecurity measures. US pipeline operators face similar requirements under Transportation Security Administration directives following Colonial Pipeline's 2021 ransomware attack.
The solution requires recognising that identity and access are distinct concepts. Workers need verified identity to perform their roles, but they do not need to hold the credentials that grant system access. By separating these functions, organisations can maintain operational efficiency while achieving unprecedented security resilience.
The question is not whether credential-based attacks will target converged IT-OT infrastructure – they already have. The question is whether energy sector organisations will abandon vulnerable authentication models before the next Oldsmar incident succeeds.
Posted on: 7 May 2026
Why IAM, PAM, and Zero Trust all leave the same credential gap
When Medibank's systems were breached in October 2022, exposing the personal health information of 9.7 million customers, investigators traced the attack's origin to compromised credentials. Despite multi-million-dollar investments in identity and access management systems, privileged access management tools, and emerging zero-trust architectures, the fundamental vulnerability remained unchanged: users controlled their own credentials, making them inherently susceptible to social engineering and phishing attacks.
The persistent credential problem in financial services
Financial institutions face a structural paradox. They implement sophisticated security frameworks—identity and access management (IAM) for user authentication, privileged access management (PAM) for critical system access, and zero-trust architectures for network security—yet credential compromise remains the primary attack vector. The 2023 Verizon Data Breach Investigations Report found that stolen credentials were involved in 49% of breaches across all sectors, rising to 55% specifically within financial services.
This vulnerability stems from a fundamental design flaw: organisations authenticate identity but delegate credential control to users. Whether accessing core banking systems, insurance underwriting platforms, or customer databases, employees create, remember, and manage passwords themselves. This human element introduces systemic risk that no amount of perimeter security can eliminate.
Regulatory frameworks acknowledge this reality. The Financial Conduct Authority's operational resilience requirements mandate that firms "identify, monitor and manage" operational risks, explicitly including cyber threats. Similarly, Solvency II requires insurers to maintain an "effective system of governance" over operational risks, while PCI DSS standards demand "strong access control measures" for payment processing environments.
The scale of credential vulnerability
Recent data illustrates the magnitude of this challenge. IBM's 2023 Cost of a Data Breach Report found that compromised credentials were the most common initial attack vector, present in 16% of all breaches and resulting in an average cost of $4.62 million per incident. For financial services specifically, this figure rises to $5.90 million—the highest across all industries.
The European Banking Authority's 2023 risk assessment identified credential compromise as a "high-priority risk" for EU financial institutions, noting a 78% increase in successful phishing attacks targeting banking credentials between 2022 and 2023. Within insurance, Lloyd's of London reported that 68% of cyber insurance claims in 2023 originated from compromised user credentials, representing £2.1 billion in total payouts.
Perhaps most concerning is the persistence of this vulnerability despite security investments. Gartner estimates that global spending on IAM solutions reached $16.9 billion in 2023, yet credential-based attacks continue to increase. The Ponemon Institute found that 65% of organisations experienced credential-related security incidents within the past 24 months, despite implementing multi-factor authentication and privileged access management systems.
Why current security architectures fail
Traditional security tools address symptoms rather than the underlying structural problem. IAM systems excel at verifying user identities once credentials are provided, but cannot prevent credential theft in the first place. PAM solutions secure privileged accounts through session monitoring and access controls, yet remain vulnerable if underlying credentials are compromised through phishing or social engineering.
Zero-trust architectures represent the most sophisticated approach, continuously verifying access requests and assuming no implicit trust. However, even zero-trust models typically rely on user-controlled credentials for initial authentication. If attackers obtain these credentials through phishing—increasingly sophisticated attacks that can bypass multi-factor authentication—they can potentially satisfy zero-trust verification requirements.
Single sign-on (SSO) solutions, while improving user experience, actually increase risk concentration. A single compromised credential can provide access to multiple systems, amplifying potential damage. Multi-factor authentication adds security layers but remains vulnerable to advanced phishing techniques and SIM-swapping attacks.
A structural approach to credential control
The solution requires fundamentally restructuring credential ownership. Rather than users creating and controlling credentials, organisations must generate, distribute, and manage all authentication materials directly. This approach ensures users never see, store, or transmit credentials—eliminating the human element that enables phishing and social engineering.
Under this model, credentials remain encrypted within organisational control systems, released only for specific authentication events through secure channels. Users authenticate through biometric or hardware-based methods, triggering automated credential release without human intervention. This architecture makes credentials "unphishable"—attackers cannot steal what users never possess.
Implementation requires minimal disruption to existing systems. Current IAM, PAM, and zero-trust investments remain valuable, enhanced by removing their shared vulnerability point. Authentication becomes organisationally controlled while preserving established access management frameworks.
Strategic implications
Financial institutions and insurers face a clear choice: continue investing in perimeter security while leaving the credential gap exposed, or address the structural vulnerability directly. Given regulatory pressures, rising breach costs, and increasing attack sophistication, organisations that fail to control credentials face escalating operational and reputational risks.
The technology exists to eliminate credential-based vulnerabilities entirely. The question is whether financial services leaders will recognise that identity verification and access control, while necessary, are insufficient without organisational credential control.
Posted on: 7 May 2026
Why Clinical Staff Controlling Their Own Credentials Is a Structural HIPAA Failure
When hackers breached CommonSpirit Health in October 2022, compromising 623,774 patient records across 142 hospitals, the attack vector was disturbingly familiar: compromised employee credentials. The cybercriminals didn't exploit a sophisticated zero-day vulnerability or breach air-gapped systems. They simply used legitimate clinical staff login details to access protected health information, highlighting a fundamental flaw in how healthcare organisations approach credential security.
The breach underscores a critical structural problem that permeates healthcare cybersecurity: clinical staff creating, controlling, and ultimately compromising their own digital credentials creates an inherent HIPAA compliance failure that no amount of additional security layers can fully address.
The Healthcare Credential Control Problem
Healthcare organisations face a unique challenge in credential management. Unlike other sectors, clinical environments require rapid access to patient data across multiple systems, often in life-or-death situations. This urgency has traditionally justified allowing healthcare workers to create and manage their own passwords, PINs, and authentication methods.
However, this approach creates what security experts term "credential sprawl" – a phenomenon where individual users accumulate dozens of self-created login details across electronic health records (EHR), pharmaceutical databases, medical device interfaces, and administrative systems. Each credential represents a potential entry point for malicious actors seeking access to protected health information (PHI).
The problem extends beyond simple password hygiene. When clinical staff control their own credentials, they inevitably reuse passwords across systems, store them in unsecured locations, or share them with colleagues during shift changes. This behaviour, while understandable given operational pressures, creates systematic HIPAA violations that organisations struggle to detect or prevent.
The Scale of Healthcare Cybersecurity Breaches
Healthcare data breaches have reached epidemic proportions. According to the Department of Health and Human Services' Office for Civil Rights, healthcare organisations reported 707 data breaches affecting 500 or more individuals in 2023, exposing over 133 million patient records – a 141% increase from 2022.
The financial impact is equally severe. IBM's 2023 Cost of a Data Breach Report found healthcare breaches cost an average of $10.93 million per incident, nearly three times the cross-industry average of $4.45 million. More critically, the Ponemon Institute's research indicates that 83% of healthcare breaches involve compromised credentials as either the primary attack vector or a significant contributing factor.
These statistics reveal a troubling pattern: despite substantial investments in cybersecurity infrastructure, healthcare organisations remain vulnerable to attacks that exploit the fundamental weakness of user-controlled credentials. The problem isn't technological sophistication – it's structural control.
Why Traditional Security Tools Miss the Mark
Healthcare organisations typically respond to credential-related breaches by layering additional security technologies. Identity and Access Management (IAM) systems promise better user provisioning. Privileged Access Management (PAM) tools monitor high-risk accounts. Single Sign-On (SSO) reduces password fatigue. Multi-Factor Authentication (MFA) adds verification steps. Zero Trust architectures assume breach and verify continuously.
Yet these solutions share a critical flaw: they still permit users to create, know, and control their own credentials. IAM systems may enforce password complexity, but users still choose and remember passwords. PAM tools may monitor privileged sessions, but users still input their own authentication factors. SSO may reduce the number of passwords, but users still control the master credential. MFA may add security layers, but users still possess the primary authentication factor.
This fundamental design assumption – that users should control their own credentials – creates an irreducible security vulnerability. Social engineering attacks, phishing campaigns, and credential stuffing attacks all exploit this user control to gain unauthorised access to healthcare systems.
The Structural Solution: Organisational Credential Control
Addressing healthcare's credential security crisis requires abandoning the assumption that users should control their own authentication factors. Instead, organisations must generate, distribute, and revoke every credential without users ever seeing or controlling them.
This approach, termed "credential custody," ensures that healthcare organisations maintain complete control over access to PHI. When the organisation generates encrypted credentials and distributes them through secure channels, clinical staff can access necessary systems without ever possessing the underlying authentication secrets. When staff leave, change roles, or face security concerns, the organisation can instantly revoke access without relying on user cooperation or password changes.
MyCena's patented credential control technology demonstrates how this structural approach works in practice. Rather than asking clinical staff to create passwords, the system generates encrypted access credentials that users never see. Authentication happens automatically through secure organisational channels, eliminating the possibility of credential compromise through user action or inaction.
This isn't simply an additional security layer – it's a fundamental restructuring of the relationship between identity and access. Clinical staff retain their identity and role-based permissions, but the organisation maintains exclusive control over the mechanisms that grant system access.
The HIPAA Compliance Imperative
For healthcare organisations, implementing credential custody isn't merely a security best practice – it's a HIPAA compliance necessity. The regulation's Administrative Safeguards require covered entities to "assign a unique name and/or number for identifying and tracking user identity." When users control their own credentials, organisations cannot truly verify user identity or track access with the certainty HIPAA demands.
Furthermore, HIPAA's Access Management standard requires organisations to implement "procedures for granting access to electronic protected health information." User-controlled credentials make it impossible to implement genuine access control procedures, since users can modify, share, or compromise their authentication factors without organisational knowledge.
Healthcare CISOs and compliance officers should evaluate their current credential management practices against these HIPAA requirements. Organisations that allow clinical staff to create and control their own credentials may face regulatory exposure that extends beyond cybersecurity concerns to fundamental compliance failures.
The path forward requires recognising that identity and access are separate concepts. Clinical staff identities – their roles, permissions, and responsibilities – can remain unchanged while organisations assume complete control over access mechanisms. This structural shift transforms credential security from a user responsibility to an organisational capability, finally aligning cybersecurity practices with HIPAA compliance requirements.
Posted on: 7 May 2026
Why cleared personnel controlling their own credentials is a national security vulnerability
The recent breach of Snowflake's cloud infrastructure, which compromised data from over 165 major organisations including Ticketmaster and Santander Bank, began with a single compromised credential. More concerning for national security professionals: the attack vector wasn't a sophisticated zero-day exploit, but credentials stolen from an employee's personal device through common malware. When personnel with security clearances control their own access credentials, they create systemic vulnerabilities that no amount of training or technology layering can fully mitigate.
The credential control paradox in defence organisations
Defence contractors, government agencies, and cleared facilities operate under a fundamental security contradiction. While physical access to sensitive areas requires strict organisational control—with badges issued, tracked, and revoked centrally—digital access credentials remain largely under individual user control. Personnel create their own passwords, manage their own authentication tokens, and store credentials on personal devices and browsers.
This approach violates basic security principles that govern every other aspect of classified environments. No cleared facility would allow personnel to manufacture their own security badges or choose their own access codes. Yet the digital equivalent happens thousands of times daily across the defence sector, creating attack surfaces that hostile actors actively exploit.
The problem extends beyond weak passwords. Even when organisations mandate complex password policies and multi-factor authentication, the fundamental vulnerability remains: users possess and control the very credentials that grant access to sensitive systems. This possession creates multiple exploitation vectors that sophisticated adversaries understand and target systematically.
The scale of the credential compromise problem
Current breach statistics reveal the magnitude of this vulnerability. According to Verizon's 2024 Data Breach Investigations Report, 68% of breaches involve a human element, with stolen credentials accounting for 31% of all data breaches—making it the second most common attack vector after social engineering. For government and defence contractors, these figures represent more than financial risk; they constitute potential national security compromises.
The Cybersecurity and Infrastructure Security Agency (CISA) reports that in 2023, credential-based attacks increased by 71% compared to the previous year. Their analysis of nation-state attacks shows that 89% began with compromised user credentials, often obtained through phishing campaigns specifically targeting cleared personnel.
More troubling is the persistence of these attacks. IBM's Cost of a Data Breach Report 2024 found that breaches involving stolen credentials took an average of 292 days to identify and contain—nearly ten months during which adversaries maintain unauthorised access to sensitive systems. For organisations handling classified information, this timeline represents an unacceptable window of potential intelligence compromise.
The human factor compounds these risks exponentially. Research from the SANS Institute indicates that 61% of security professionals reuse passwords across multiple systems, including personal accounts that lack enterprise-grade security controls. When these personal accounts are compromised—as occurred in the Snowflake breach—the exposure can cascade into organisational systems.
Why current security solutions fail to address the root cause
Modern security architectures typically layer multiple technologies: Identity and Access Management (IAM), Privileged Access Management (PAM), Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Zero Trust frameworks. While these tools provide valuable security enhancements, they fail to address the fundamental vulnerability because they still rely on user-controlled credentials.
IAM systems excel at managing user identities and permissions but typically allow users to create and manage their own passwords. PAM solutions secure privileged accounts but often through password vaults that users must access—creating another credential-dependent layer. SSO reduces the number of credentials users must remember but concentrates risk in master credentials that users still control.
MFA adds authentication factors but doesn't eliminate credential exposure. Sophisticated attacks increasingly target MFA systems through techniques like SIM swapping, social engineering, and malware that intercepts authentication tokens. The Lapsus$ group's attacks on Microsoft and other major organisations demonstrated how MFA can be bypassed when attackers gain access to user-controlled credentials and devices.
Zero Trust architectures represent a significant advancement in security thinking by assuming breach and continuously verifying trust. However, most implementations still rely on user-controlled credentials for initial authentication, creating a single point of failure that undermines the entire security model.
The structural solution: organisational credential control
The solution requires a fundamental architectural shift: organisations must control the entire credential lifecycle, from generation through distribution to revocation. Rather than allowing users to create or possess credentials, secure systems should generate credentials organisationally, distribute them through encrypted channels, and maintain complete control over their usage.
This approach treats digital credentials like physical security tokens in a classified facility. Users receive access through organisationally controlled mechanisms but never possess or control the underlying authentication materials. When access is required, the system authenticates users through credentials they cannot see, copy, or compromise.
MyCena's patented technology demonstrates how this principle works in practice. The platform generates unique, encrypted credentials for each user and system interaction, but users never possess or control these credentials directly. Access becomes truly unphishable because there are no user-controlled credentials to steal or compromise. The organisation maintains complete oversight of credential generation, distribution, and revocation, creating an audit trail that meets the most stringent compliance requirements.
This approach aligns with regulatory frameworks including NIST 800-53 controls for access management, DoD 8570 requirements for information assurance, and FedRAMP authorization standards. By removing user control over credentials, organisations can demonstrate compliance with principles-based security requirements rather than relying solely on checklist approaches.
Strategic implications for defence organisations
The shift from user-controlled to organisation-controlled credentials represents more than a technical change; it requires a fundamental reimagining of access management strategies. Defence organisations that implement credential control gain several strategic advantages: genuinely unphishable access, complete audit visibility, and simplified compliance demonstration.
For security professionals responsible for protecting classified information, the choice is increasingly clear. Continuing to allow cleared personnel to control their own credentials perpetuates a fundamental vulnerability that sophisticated adversaries understand and exploit. Organisational credential control provides a structural solution that addresses the root cause rather than merely adding additional layers of complexity.
The question facing defence leaders is not whether credential-based attacks will continue—they will intensify. The question is whether organisations will address the fundamental vulnerability or continue attempting to solve it through technological layering that leaves the core problem intact.
Posted on: 7 May 2026
How M&S Lost £300m to a Credential It Didn’t Control
When Marks & Spencer's former head of technology sold the retailer's customer database to competitors in 2022, the £300 million damages weren't just about lost data. They revealed a fundamental weakness in how financial services and retail organisations control access to their most valuable assets.
The M&S case, which concluded in the High Court this year, centred on a senior executive who retained access to critical systems after joining a competitor. Despite sophisticated identity management systems, the organisation had no control over the actual credentials that unlocked its commercial crown jewels.
The Hidden Vulnerability in Financial Services Access Control
Financial services firms invest heavily in identity and access management, yet most operate under a dangerous assumption: that users will responsibly manage the credentials they create. This model treats identity verification and access control as synonymous—a conflation that costs the sector billions annually.
The fundamental issue isn't who someone is, but how they access systems. Current approaches focus on authenticating identity through passwords, tokens, or biometrics that users ultimately control. Once authenticated, these credentials become transferable assets that can be shared, stolen, or retained beyond employment.
For financial institutions handling sensitive customer data, trading algorithms, or regulatory filings, this represents an unquantified risk. The moment an employee creates a password or receives an authentication token, the organisation cedes control of that access pathway.
The Scale of Credential-Based Losses
Industry data reveals the magnitude of this vulnerability. The 2024 Verizon Data Breach Investigations Report found that 68% of breaches in financial services involved human elements—predominantly credential misuse rather than sophisticated technical attacks.
IBM's Cost of a Data Breach Report 2024 places the average cost of a financial services breach at £4.8 million, with credential compromise being the leading attack vector in 31% of cases. More significantly, breaches involving stolen credentials take an average of 292 days to identify and contain—nearly double the timeline for other attack types.
The Financial Conduct Authority's annual enforcement actions provide additional context. In 2023, UK financial firms faced £206 million in penalties, with operational resilience failures—often linked to inadequate access controls—representing the fastest-growing category of violations.
These figures exclude the hidden costs of insider threats and competitive intelligence loss, as demonstrated in the M&S case, where the damage extended far beyond immediate financial penalties to encompass long-term market disadvantage.
Why Current Solutions Fall Short
Identity and Access Management (IAM) systems excel at verifying who should have access but cannot control how that access is exercised once granted. Even sophisticated implementations using role-based access control merely determine the scope of permissions, not the security of the access mechanism itself.
Privileged Access Management (PAM) solutions attempt to address this by monitoring and recording high-risk activities, but they fundamentally rely on users controlling their own authentication. A privileged user with legitimate credentials appears identical to a malicious actor using those same credentials.
Single Sign-On (SSO) systems consolidate the problem rather than solve it. By reducing multiple credentials to a single authentication point, they create a more valuable target while maintaining user control over the critical access pathway.
Multi-Factor Authentication (MFA) adds layers of verification but doesn't address the core issue. The factors—whether SMS codes, authenticator apps, or hardware tokens—remain under user control and can be transferred, shared, or compromised.
Zero Trust architectures promise "never trust, always verify" but typically implement this through user-controlled credentials verified at each access point. The trust model remains fundamentally flawed if the verification mechanism itself cannot be trusted.
The common thread across all these approaches is that they enhance the security of user-controlled credentials rather than eliminating user control entirely.
The Structural Solution: Organisational Credential Control
The solution requires inverting the current model. Instead of users creating and controlling their own access credentials, organisations must generate, distribute, and revoke every credential while ensuring users never gain direct control over them.
This approach, implemented through encrypted credential distribution systems, maintains credentials in an organisationally controlled state throughout their lifecycle. When an employee requires system access, they receive an encrypted credential that operates transparently without revealing its contents or allowing manual manipulation.
The distinction is critical: users retain the ability to access necessary systems while losing the ability to extract, share, or retain the underlying credentials. This creates genuinely unphishable access—credentials cannot be stolen because they cannot be seen or manually transmitted.
From a regulatory perspective, this model aligns with emerging requirements around operational resilience and third-party risk management. The FCA's operational resilience framework emphasises maintaining control over critical business services, which necessarily includes controlling how those services are accessed.
For financial institutions, the implications extend beyond security to competitive advantage. In an industry where proprietary algorithms, customer insights, and trading strategies represent core value, controlling access to these assets becomes a strategic imperative rather than merely a compliance requirement.
The Strategic Imperative
Financial services leaders face a binary choice. They can continue refining systems that ultimately depend on user-controlled credentials, accepting the inherent risks and associated costs, or they can implement structural solutions that eliminate user credential control entirely.
The M&S case provides a stark illustration of these costs in practice. Beyond the immediate £300 million damages, the breach highlighted how traditional access controls fail when facing determined insiders with legitimate but uncontrolled credentials.
For organisations serious about protecting their competitive position and regulatory standing, the question is not whether to implement organisational credential control, but how quickly they can deploy it across their most critical systems.
The technology exists. The regulatory drivers are clear. The only remaining variable is organisational willingness to challenge the fundamental assumption that users must control their own access credentials.
By | Posted on: 7 May 2026
Tier 1, 2, and 3 suppliers hold credentials to your production systems. All of them.
When Toyota shut down 28 manufacturing plants across Japan in February 2022 following a cyberattack on supplier Kojima Industries, the automotive giant's production ground to a halt for an entire day. The breach cost Toyota an estimated 13,000 vehicles in lost production. The attack vector? Compromised supplier credentials that provided direct access to Toyota's production planning systems.
This incident exposed a fundamental vulnerability in modern manufacturing: every tier of your supply chain holds digital keys to your most critical systems. From Tier 1 suppliers managing just-in-time inventory flows to Tier 3 vendors monitoring equipment sensors, each partner requires authenticated access to production networks. Each represents a potential entry point for threat actors.
The manufacturing credential paradox
Manufacturing's digital transformation has created an intricate web of system interdependencies. Production lines rely on real-time data exchanges between OEMs, suppliers, logistics providers, and maintenance contractors. Industry 4.0 initiatives have only intensified these connections, with suppliers now accessing predictive maintenance dashboards, inventory management systems, and quality control databases.
Consider a typical automotive manufacturer: Tier 1 suppliers need access to production scheduling systems to coordinate just-in-time deliveries. Tier 2 component manufacturers require visibility into demand forecasts and quality specifications. Tier 3 raw material suppliers must integrate with procurement platforms and compliance reporting tools. Each access point requires credentials—usernames, passwords, API keys, or certificates.
The mathematical reality is stark: a manufacturing organisation with 200 suppliers, each requiring access to an average of three systems, creates 600 potential credential-based attack vectors. Traditional security models assume these credentials remain secure across hundreds of external organisations, each with varying cybersecurity maturity levels.
The data tells the story
Recent research from IBM's Cost of a Data Breach Report 2023 found that 19% of breaches in manufacturing originated from compromised partner credentials, with an average cost of $4.45 million per incident. The manufacturing sector ranked third-highest for credential-based attacks, behind only financial services and healthcare.
Ponemon Institute's 2023 State of Third-Party Risk Management study revealed that 56% of manufacturing executives experienced a data breach caused by third-party access in the past 24 months. More concerning, 74% of manufacturers admitted they have limited visibility into how suppliers manage credentials for accessing their systems.
The UK's National Cyber Security Centre reported a 300% increase in supply chain attacks targeting manufacturing between 2021 and 2023, with 82% involving compromised supplier credentials as the initial attack vector.
Operational disruption amplifies financial impact in manufacturing. When production stops, costs compound rapidly. Deloitte's Supply Chain Risk Survey found that manufacturers experiencing credential-related supply chain breaches faced an average of 3.2 days of production downtime, translating to $1.2 million in lost revenue per day for mid-sized manufacturers.
Why conventional security tools miss the mark
Identity and Access Management (IAM) systems excel at managing internal employee access but struggle with external supplier credentials. IAM platforms typically rely on suppliers to self-manage their authentication, creating visibility gaps and inconsistent security policies across the supply chain.
Privileged Access Management (PAM) solutions provide session monitoring and credential vaulting but require suppliers to access a centralised portal—often impractical for real-time manufacturing integrations. PAM systems also depend on suppliers following prescribed access procedures, introducing friction that operational teams frequently bypass.
Single Sign-On (SSO) reduces credential proliferation but doesn't eliminate it. Suppliers still hold the initial authentication credentials needed to access SSO systems. Furthermore, SSO creates a single point of failure: compromise one supplier's SSO credentials, and multiple systems become accessible.
Multi-Factor Authentication (MFA) adds security layers but remains vulnerable to sophisticated attacks. The 2023 Lapsus$ campaigns demonstrated how threat actors bypass MFA through social engineering, SIM swapping, and prompt bombing techniques. For suppliers operating across multiple time zones with varying technical capabilities, MFA implementation often becomes inconsistent.
Zero Trust architectures improve network segmentation and continuous verification but still rely on traditional credential models. Zero Trust validates that supplied credentials are authentic but cannot prevent their theft or misuse if compromised at the supplier's end.
The fundamental flaw in all these approaches: they assume suppliers can securely hold and manage credentials. In reality, suppliers face the same credential security challenges as any organisation, often with fewer resources and less mature cybersecurity programmes.
Rethinking credential ownership
The solution requires inverting the traditional credential model. Instead of distributing credentials to suppliers and hoping they remain secure, manufacturers need to retain complete control over authentication while maintaining operational efficiency.
MyCena's patented approach separates identity from access by ensuring suppliers never possess usable credentials. The system generates unique, encrypted credentials for each supplier interaction and transmits them through secure channels directly to authentication systems. Suppliers receive access to required systems without ever seeing, storing, or potentially compromising the underlying credentials.
This model makes phishing attacks ineffective—suppliers cannot surrender credentials they don't possess. Social engineering fails when targets have no authentication secrets to divulge. Even if a supplier's systems are completely compromised, threat actors find no credentials to steal or misuse.
For manufacturers, this approach provides complete audit trails, real-time access control, and instant revocation capabilities across the entire supply chain. When supplier relationships change or security incidents occur, access can be immediately terminated without requiring coordination with external parties.
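The credential-ownership model described here and in the financial-services section above (the organisation keeps and uses the real credential; the user or supplier holds only an opaque, revocable handle) as an added Python illustration. This is example code written for this page, not MyCena's product or its patented method: the broker, the handle format, the HMAC challenge-response and the sample secrets are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Grant:
    supplier: str
    system: str
    expires_at: float
    revoked: bool = False

class CredentialBroker:
    """Organisation-side broker (hypothetical): keeps the real credentials,
    hands suppliers only opaque handles, and answers challenges itself."""

    def __init__(self, real_secrets):
        self._real_secrets = real_secrets   # constructed sample secrets, never exported
        self._grants = {}                   # handle -> Grant
        self.audit = []                     # (event, who, system) audit trail

    def issue(self, supplier, system, now, ttl=3600):
        """Mint a random handle that reveals nothing about the underlying secret."""
        handle = secrets.token_urlsafe(32)
        self._grants[handle] = Grant(supplier, system, now + ttl)
        self.audit.append(("issue", supplier, system))
        return handle

    def revoke_supplier(self, supplier):
        """Instant, organisation-initiated revocation; no supplier action needed."""
        for g in self._grants.values():
            if g.supplier == supplier:
                g.revoked = True
        self.audit.append(("revoke", supplier, "*"))

    def answer_challenge(self, handle, system, challenge, now):
        """Called by the target system: returns an HMAC proof made with the real secret,
        or None if the grant is missing, expired, revoked or for another system."""
        g = self._grants.get(handle)
        if g is None or g.revoked or g.system != system or now >= g.expires_at:
            self.audit.append(("deny", handle[:8], system))
            return None
        self.audit.append(("auth", g.supplier, system))
        return hmac.new(self._real_secrets[system], challenge, hashlib.sha256).hexdigest()

def system_accepts(system_secret, challenge, proof):
    """Target-system check: constant-time compare against its own copy of the secret."""
    expected = hmac.new(system_secret, challenge, hashlib.sha256).hexdigest()
    return proof is not None and hmac.compare_digest(expected, proof)
```

The supplier's client only ever forwards the handle, so a phished or exfiltrated handle can be revoked broker-side and is useless after its TTL, while the audit list records every issue, use, denial and revocation.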
The competitive imperative
Manufacturing operates on razor-thin margins where security breaches can eliminate quarters of profitability. As supply chains become more digitally integrated, credential security will increasingly differentiate competitive manufacturers from vulnerable ones. Regulations are following suit: the EU's NIS2 Directive and proposed US supply chain security requirements will mandate stricter oversight of supplier access to critical systems.
The question for manufacturing leadership is not whether to address supply chain credential risks, but whether to act before or after a Toyota-scale disruption forces change. In an industry where hours of downtime translate to millions in losses, the mathematics of prevention versus response are compelling.
The next generation of manufacturing security starts with a simple premise: if suppliers don't hold your credentials, they cannot lose them.