Cyber Alerts Surge After Hours, Straining Security Teams

I’m thrilled to sit down with Kwame Zaire, a renowned expert in manufacturing with a deep focus on electronics, equipment, and production management. Kwame is also a thought leader in predictive maintenance, quality, and safety. Today, we’re pivoting to a different but equally critical topic—cybersecurity in operational environments. With insights drawn from recent industry reports like Arctic Wolf’s 2025 Security Operations Report, we’ll explore how cyber threats are evolving, the role of technology like AI in defense strategies, and the challenges of securing systems outside traditional working hours. Let’s dive into how these trends impact industries like manufacturing and what leaders can do to stay ahead of the curve.

How do you think the timing of cyber alerts, with over half occurring outside normal business hours, affects industries like manufacturing that often rely on round-the-clock operations?

In manufacturing, where operations often run 24/7, the fact that 51 percent of cyber alerts happen after hours is both a challenge and a wake-up call. These off-hour attacks are often deliberate, as threat actors know that fewer staff are on hand to respond quickly. For us, downtime isn’t just an inconvenience—it can halt production lines, delay shipments, and cost millions. The timing exploits gaps in human oversight, especially when IT or security teams aren’t fully staffed overnight or on weekends. It’s a reminder that our systems, from equipment controls to supply chain software, need constant vigilance, not just during the 9-to-5 grind.

What strategies can organizations in high-stakes sectors like manufacturing adopt to better handle alerts that spike during weekends or late nights?

First, companies need to invest in 24/7 monitoring, whether through in-house security operations centers or managed services. In manufacturing, you can’t afford to wait until Monday to address a breach. Second, automation plays a huge role—tools that can flag and even contain threats in real-time until a human can step in are critical. Lastly, cross-training operational staff to recognize basic cyber red flags can help. If a line operator notices something odd with a control system at 2 a.m., they should know who to call. It’s about building layers of defense that don’t sleep, just like our production lines.

Why do you think identity-based attacks are becoming such a prevalent threat, especially in environments with complex user access like manufacturing plants?

Identity-based attacks are tough because they exploit trust. In manufacturing, we’ve got employees, contractors, and vendors accessing systems—often with more privileges than they need. When a threat actor steals credentials, they can slip into the network looking like a legitimate user. It’s not like malware that trips an alarm; these attacks blend in. Plus, with remote access for maintenance or monitoring becoming common, there are more entry points. A compromised identity can let an attacker mess with equipment settings or steal sensitive production data, and that’s a nightmare for safety and competitiveness.

Can you break down the concept of standing privileges and explain why they pose such a significant risk in these kinds of attacks?

Standing privileges are basically permissions that are always active for a user, even when they don’t need them. Think of an engineer who has admin access to a control system 24/7, just in case. If their credentials are stolen, the attacker gets that full access too—no limits. In manufacturing, where a single system breach can shut down a plant or worse, cause physical harm, this is a massive risk. The better approach is just-in-time access, where privileges are granted only when needed and for a short window. It’s like locking the door behind you instead of leaving it wide open.

How can companies reduce the risks associated with compromised identities, particularly when fewer staff are available during off-hours?

Start with strong multi-factor authentication across the board—no exceptions. Even if a password is stolen, there’s another barrier. Next, limit privileges to the bare minimum and audit them regularly. In manufacturing, not everyone needs access to every system at all times. Also, deploy monitoring tools that flag unusual login patterns, like someone accessing a system at 3 a.m. from a weird location. Finally, have an incident response plan that works after hours—whether it’s an on-call team or a third-party service. You can’t prevent every breach, but you can shrink the damage window.

With AI and automation handling a growing number of security alerts, how do you see these tools reshaping the workload for security teams in industrial settings?

AI and automation are game-changers, especially in manufacturing where alert fatigue is real. Security teams can’t keep up with thousands of daily notifications, many of which are false positives. Tools that triage alerts—like filtering out noise and escalating real threats—free up humans to focus on strategy, not grunt work. For us, it means faster response to threats against critical systems like PLCs or SCADA, without burning out the team. It’s not about replacing people; it’s about making their expertise count where it matters most.

What specific tasks do you believe AI can take over to help reduce the burden of alert fatigue in security operations?

AI excels at pattern recognition and repetitive tasks. It can analyze logs for anomalies, correlate events across systems, and prioritize alerts based on risk. For instance, in a manufacturing environment, it could spot a weird spike in data traffic from a machine and flag it before a human even notices. It can also handle initial containment—like temporarily blocking a suspicious IP—until someone reviews it. These are the mundane, time-sucking tasks that drain security teams. Letting AI handle them means staff can focus on deeper threat hunting or fixing root causes.

Are there potential downsides to leaning heavily on AI for managing security alerts in complex environments like manufacturing?

Absolutely. AI isn’t foolproof—it can miss nuanced threats or misinterpret context. In manufacturing, a false positive that shuts down a critical system can be as bad as a real attack. There’s also the risk of over-reliance; if teams get too comfortable with AI, they might lose sharp analytical skills. Plus, AI systems themselves can be targeted. If a threat actor manipulates the data feeding an AI, it could make bad calls. So, while AI is a powerful tool, it needs human oversight and constant tuning to match the unique risks of industrial settings.

As AI takes on more routine tasks, how should the role of security analysts evolve to meet the demands of this changing landscape?

Analysts need to shift from just reacting to alerts to proactive roles like threat hunting and system hardening. In manufacturing, that means understanding how cyber threats could impact physical operations—say, tampering with equipment settings. They’ll also need to manage and interpret AI outputs, knowing when to trust the machine and when to dig deeper. It’s a move toward strategic thinking, where they’re not just firefighters but architects of a stronger defense. Creativity and contextual knowledge, especially of the industry, will be key.

What is your forecast for the future of cybersecurity in industries like manufacturing over the next few years?

I think we’re heading toward a hybrid model where AI and human expertise are tightly integrated. Threats will keep growing in sophistication—especially identity-based and IoT attacks as more equipment goes online. Manufacturing will need to prioritize cyber-physical security, protecting not just data but the machines that keep plants running. I expect regulations to tighten, pushing companies to adopt zero-trust frameworks and real-time monitoring as standard. It’s going to be a race between defenders building smarter systems and attackers finding new ways to exploit them. The winners will be those who invest in both tech and people now, before the next big breach hits.
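The interview above names three signals a security team should act on when fewer people are on shift: a login outside staffed hours, an identity that looks wrong (no MFA, an unfamiliar location), and a privilege that is always on rather than granted just in time. The following is an added example appended after the interview; it is not Kwame Zaire's code, nor anything taken from the Arctic Wolf report. It triages a handful of constructed login events against an assumed staffed window (07:00 to 19:00 plant time, Monday to Friday), an assumed per-account baseline of countries, and an assumed just-in-time grant table, and decides whether an event can be allowed, queued for review, or paged to the on-call rota. All account names, countries, timestamps and privilege names are invented for the demonstration.

```python
"""Triage of constructed login events for the off-hours and identity
signals discussed in the interview. Added example; every fixture here is
an assumption and none of it comes from the interview or the report."""
from datetime import datetime, timedelta, timezone

# Assumed plant time zone: a fixed UTC-5 offset so the example is
# reproducible offline; a real deployment would use zoneinfo for DST.
PLANT_TZ = timezone(timedelta(hours=-5), "CDT")
BUSINESS_HOURS = (7, 19)  # assumed staffed window, local time, Mon-Fri

# Constructed baseline: countries each account has logged in from before.
BASELINE_COUNTRIES = {"alice": {"US"}, "bob": {"US", "MX"}}

# Constructed just-in-time grants: (user, privilege) -> (start, end), UTC.
# Use of a privilege with no grant on file is treated as standing access.
JIT_GRANTS = {
    ("alice", "plc_admin"): (
        datetime(2025, 6, 10, 14, 0, tzinfo=timezone.utc),
        datetime(2025, 6, 10, 16, 0, tzinfo=timezone.utc),
    ),
}


def is_off_hours(ts_utc: datetime) -> bool:
    """True on weekends or outside the staffed window, in plant local time."""
    local = ts_utc.astimezone(PLANT_TZ)
    if local.weekday() >= 5:
        return True
    return not (BUSINESS_HOURS[0] <= local.hour < BUSINESS_HOURS[1])


def triage(event: dict) -> list:
    """Return the findings for one login event, in a fixed order."""
    ts = datetime.fromisoformat(event["ts"])  # ISO 8601 with offset
    findings = []
    if not event["mfa"]:
        findings.append("no_mfa")
    if event["country"] not in BASELINE_COUNTRIES.get(event["user"], set()):
        findings.append("new_country")
    if is_off_hours(ts):
        findings.append("off_hours")
    priv = event.get("privilege")
    if priv:
        grant = JIT_GRANTS.get((event["user"], priv))
        if grant is None:
            findings.append("standing_privilege")
        elif not (grant[0] <= ts <= grant[1]):
            findings.append("outside_jit_window")
    return findings


def disposition(findings: list) -> str:
    """Map findings to an action. An off-hours login that also carries an
    identity or privilege signal goes straight to the on-call rota."""
    if not findings:
        return "allow"
    if "off_hours" in findings and len(findings) > 1:
        return "page_on_call"
    return "review"


def run(events: list) -> list:
    """Triage every event once and pair it with its disposition."""
    results = []
    for event in events:
        findings = triage(event)
        results.append((event["user"], findings, disposition(findings)))
    return results


# Constructed sample events (timestamps in UTC).
SAMPLE_EVENTS = [
    # Tuesday 10:00 plant time, known country, MFA, inside the JIT window.
    {"user": "alice", "ts": "2025-06-10T15:00:00+00:00", "country": "US",
     "mfa": True, "privilege": "plc_admin"},
    # Wednesday 03:30 plant time, unknown country, no MFA, standing privilege.
    {"user": "bob", "ts": "2025-06-11T08:30:00+00:00", "country": "RO",
     "mfa": False, "privilege": "scada_operator"},
    # Tuesday 12:30 plant time, but the JIT grant expired at 16:00 UTC.
    {"user": "alice", "ts": "2025-06-10T17:30:00+00:00", "country": "US",
     "mfa": True, "privilege": "plc_admin"},
    # Saturday 13:00 plant time, otherwise unremarkable.
    {"user": "bob", "ts": "2025-06-14T18:00:00+00:00", "country": "MX",
     "mfa": True},
]

if __name__ == "__main__":
    for user, findings, action in run(SAMPLE_EVENTS):
        print(f"{user:6} {action:13} {findings}")
```

The ordering in `disposition` is the point to tune per site: an off-hours login on its own only earns a review, because night shifts are normal in a 24/7 plant, but the same login combined with a missing second factor, an unseen country, or a privilege that was never granted just in time is exactly the pattern the interview describes and is what should wake someone up.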
