Looking out for the American people and his teammates is something Rick Diggers has committed himself to since the moment he turned 18.

After enlisting in the US armed forces straight out of high school and choosing the challenging path of a Combat Controller, Rick went on to be a key player in setting up the Department of Homeland Security’s collection management apparatus. From there, he moved to CISA for 15+ years, performed key positions with the US Airforce, and is now Managing Director – Critical Infrastructure Cyber Lead at Accenture Federal Services.

Driggers worked with federal, state, and local offices to understand the security posture of America’s infrastructure, most of which operate on legacy technology that was never initially intended to be connected to online networks. Securing these infrastructures has taken time and the industry is beginning to feel the momentum. ”If I’m looking at an organization’s cybersecurity posture through a maturity and a readiness lens, that really allows me the flexibility to make adjustments based on emerging threats and risk,” said Rick. That’s a lot better than, you know, playing whack-a-mole with vulnerabilities, which unfortunately a lot of organizations do.”

When drilling down into what makes the agile and cybersecurity mindset possible, Driggers says it comes down to people, process, and technology, not just tech operating on its own– and that’s only one of the 3 top challenges to securing organizations.

3 Top Challenges in organizational cybersecurity

Today’s cybersecurity gaps are especially challenging for organizations who see their systems and operations taken offline. When working with governmental organizations, a hack may go beyond ransomware to exposing personal information on a person of interest or even government secrets.

When the stakes are so high, it becomes a team effort to ensure that such important data is only accessed by authorized users. To achieve this, organizations should focus on:

Culture

From the start, it’s important to acknowledge that securing IT networks and OT (Operational Technology) networks are not the same. While IT practitioners are often focused on securing private data, OT cybersecurity professionals are more focused on operational uptime and availability. They have different problems to tackle and approach them from different angles.

Executives have to recognize this and encourage opportunities for them to collaborate on sorting organizational problems in a way that allows them to better understand one another.

People, process, and policy

Working towards a common goal demands that each team member is in a role that is in line with their skills. Employees should be in the right place at the right time, able to understand challenges and act on them accordingly, without having irrelevant decision makers holding things back.

Visibility

Streamlining processes demands a clear understanding of what each department and team member does, in order to allow them to work as efficiently as possible while creating opportunities to recognize their own cybersecurity vulnerabilities. In addition, this creates opportunities for teams to reduce duplicated efforts.

“I think gaining visibility goes a long way to helping manage many technical aspects. That’ll help free up resources to apply to real security practices to reduce risk,” said Driggers. “In my mind, it really all starts with visibility. If you can’t see it, you can’t protect it.”

Protecting infrastructure into the future

The first step in securing any piece of technology is by having cybersecurity be part of early development, not an afterthought where discovered vulnerabilities may make a device insecure, or even unusable.

For example, the promise held by 5G technology and being able to connect fleets of devices to cellular networks increases attack surfaces to unprecedented levels. How do we secure these spaces on such a wide scale? “Future security challenges in this space, particularly as it applies to the development of new or existing critical infrastructure, is continuously evolve our security solutions to not only ensure the integrity, reliability, and security of all of these connected technologies, but we also need to ensure the safety and privacy of our people.” said Driggers.

A large part of that is the Biden administration’s executive order 14028, which laid the groundwork for the cybersecurity documentation and ultimately much of the progress that we are seeing today with Software Bill of Material (SBOM) documentation. What’s more is that it was all done from a supply chain perspective- not only for software supply chains but also for software development environments. It gives guidance on language and clear risk guidance to manufacturers on how to speak with their customers.

To achieve this, SBOMs are critical in identifying potential vulnerabilities, gaining insights into mitigation techniques, and securing organizations in an organized manner. Ultimately, the greater visibility and communication about potential threats that exists within an organization’s culture, whether it be through meetings or documentation, the more secure it will be.

By Rafi Spiewak

Rafi is Cybellum's Director of Content. Driven by curiosity and an itch to simplify messaging surrounding complicated technologies, his work spans across cybersecurity, emerging technologies, and beyond.