The greatest risks for cyberattacks often lurk where they are least expected: within the supply chain. Therefore, transparency over all identities and access rights is crucial. AI-supported solutions can help manage the growing threats.
To ensure cybersecurity, transparency throughout the entire supply chain is particularly relevant. Security gaps can arise not only from one's own employees.
Cyberattacks are no longer an exception and have become part of everyday life for German companies. However, the greatest danger often lies where it is least expected: in the supply chain. Many organizations underestimate the risks of a lack of transparency, inadvertently providing attackers with access to sensitive data and systems. The Federal Office for Information Security (BSI) continues to classify the threat level for German companies as "high." The number of reported IT security incidents is increasing, and attackers are becoming increasingly professional. The BSI assumes that this trend will continue.
Without a comprehensive identity security concept that covers all identities – from employees to third-party providers to machines and AI agents – companies risk severe consequences. Protection against cyberattacks must therefore be a top priority. What is crucial is consistent control over who is allowed to access which resources, regardless of where within the supply chain that identity sits.
A Complex Network of Identities
In the discussion around cybersecurity, companies often focus exclusively on their own full-time and part-time employees. However, modern supply chains have long involved freelancers, external service providers, temporary workers, as well as employees of partner companies and suppliers. These groups are often overlooked and represent potential entry points for cyberattacks. Companies must therefore consistently include all individuals with access to their systems or data in their security strategy, regardless of their employment status or employer.
This is not only about human identities. With AI and automation, the number of machine identities – software bots, robotic process automation and the like – is rising rapidly. According to a study by Sailpoint, nearly seven out of ten companies (69 percent) now manage more machine identities than human identities, and 57 percent of companies admit that machine identities have already been granted unauthorized access to sensitive data.
But without clearly regulated access, neither the company itself nor the supply chain can be effectively protected. The question is: Who is allowed to access which data, when, why, and for how long?
Excessive Access: An Underestimated Danger
The more complex identity structures become, the harder it gets for companies to manage and protect access to applications and data. The significant increase in unstructured data, such as spreadsheets, emails, and multimedia files, further complicates oversight. The result is excessive access permissions, which in turn create vulnerabilities and make it easier for cybercriminals to infiltrate the corporate structure.
According to the study results, around four out of five companies have already experienced security issues due to improper access. The rapid increase in digital identities and data volumes has led many companies to prioritize simple and fast access processes. This often comes at the expense of IT security. The result is an oversupply of identities, allowing attackers to move unnoticed through networks and gain access to a wide range of data.
Supply Chains as a Gateway
Attacks on companies repeatedly demonstrate how cybercriminals specifically exploit vulnerabilities in the supply chain to gain access to sensitive data and systems. They often succeed in infiltrating IT infrastructure via compromised third-party providers or deployed software. This not only endangers the affected company but also its partners and customers. The impacts of such attacks are far-reaching, ranging from data loss and operational disruptions to significant economic damage and loss of trust among business partners.
Visibility is therefore key to protecting against such threats. Without a comprehensive overview of all identities and access rights within the supply chain, suspicious activities often cannot be detected in time. Studies show that security breaches are often only discovered after months – a period during which attackers can operate undisturbed. It is all the more important for security teams to rely on a multi-layered arsenal of tools and tactics and to equip identities with only the access rights that are absolutely necessary.
Date: 08.12.2025
AI and Automation as Game-Changers
In today's digital era, tools that leverage AI and machine learning are indispensable. Given the multitude of identities, traditional manual processes are no longer sufficient to address the growing cyber threats. AI-powered solutions enable real-time analysis of large datasets and the detection of patterns that indicate potential threats. Automating the assignment of access permissions ensures that employees and external parties have access only to the resources they truly need.
The benefits of this approach speak for themselves: 83 percent of companies report that their investments in security solutions in 2023 have led to fewer identity-related security incidents.
Humans and Technology: The Dream Team for Greater Security
Identity security requires close and continuous collaboration between HR, IT, and the specialist departments, particularly during onboarding and offboarding. This applies not only to internal employees but also to external parties such as service providers, contractors, or temporary partners. While HR processes map the lifecycle of internal employees, IT must ensure that every identity – regardless of employment status – is granted only the minimal necessary access rights (the “Least Privilege” principle).
Automated processes are essential in this regard: they help systematically assign roles and access rights, regularly review them, and revoke them in a timely manner upon departure or project completion. The assessment of third-party cybersecurity practices should also be automated and risk-based – ideally integrated into a comprehensive Identity Governance & Administration (IGA) system.
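As an added illustration of the automated review described above (example code, not from the article or from any Sailpoint product), the following script runs the article's "who, why, for how long" questions over a constructed identity inventory that mixes employees, contractors and machine identities, and flags entitlements that should be revoked or re-justified. All identities, resources and dates are made up.

```python
from datetime import date

# Constructed sample inventory: internal staff, an external contractor and an
# RPA bot, each with entitlements. Every value here is invented for the example.
TODAY = date(2025, 12, 8)

IDENTITIES = [
    {"id": "j.mueller", "kind": "employee", "status": "active", "owner": "hr",
     "entitlements": [{"res": "erp-finance", "sensitive": True,
                       "reason": "controller role", "until": None}]},
    {"id": "ext-schulz", "kind": "contractor", "status": "active", "owner": "procurement",
     "entitlements": [{"res": "crm-export", "sensitive": True,
                       "reason": "migration project", "until": date(2025, 9, 30)}]},
    {"id": "rpa-invoice-bot", "kind": "machine", "status": "active", "owner": None,
     "entitlements": [{"res": "erp-finance", "sensitive": True,
                       "reason": None, "until": None}]},
    {"id": "a.weber", "kind": "employee", "status": "offboarded", "owner": "hr",
     "entitlements": [{"res": "file-share", "sensitive": False,
                       "reason": "team member", "until": None}]},
]


def review_access(identities, today=TODAY):
    """Return (identity, resource, finding) tuples for every entitlement that
    fails one of the lifecycle checks: still active after offboarding, past its
    agreed end date, or sensitive access without an owner or a justification."""
    findings = []
    for ident in identities:
        for ent in ident["entitlements"]:
            if ident["status"] != "active":
                # Offboarded identities must hold no entitlements at all.
                findings.append((ident["id"], ent["res"],
                                 "identity offboarded but entitlement still active"))
                continue
            if ent["until"] is not None and ent["until"] < today:
                findings.append((ident["id"], ent["res"], "access past its agreed end date"))
            if ent["sensitive"] and ident["owner"] is None:
                findings.append((ident["id"], ent["res"],
                                 "sensitive access without an accountable owner"))
            if ent["sensitive"] and not ent["reason"]:
                findings.append((ident["id"], ent["res"],
                                 "sensitive access without documented justification"))
    return findings


if __name__ == "__main__":
    for who, res, why in review_access(IDENTITIES):
        print(f"{who:16} {res:12} {why}")
```

In a real IGA deployment the inventory would be pulled from the HR system and the connected applications rather than hard-coded, and each finding would feed a revocation or recertification workflow.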
Regulatory requirements such as ISO/IEC 27001 or NIS2 increasingly demand transparent and controlled management of identities, both within the company and along the supply chain. A robust identity security strategy thus becomes not only a prerequisite for cyber resilience but also for meeting legal requirements.
*Klaus Hild is Manager Solution Engineering Enterprise at Sailpoint. He is responsible for the entire DACH region.