GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

By Chris Reffkin

In golf there’s a popular saying: play the course, not your opponent.

In an enterprise, it’s the same rule. All areas of an organization need to be free to “play their own game.”

And when malware, ransomware, or other cyber threats get in the way, the focus shifts from forward progress to focused co-operation. A security strategy should clear obstacles and enable every part of a business operation to run smoothly.

Smarter security is the rising tide that lifts all ships. As all parts of an organization overlap with security, an increase in one allows benefits in others.

Departments such as support, manufacturing, design, services, and delivery are enhanced by smart security measures, which allay distracting setbacks and increase the overall inertia. This leads to revenue gains and positive customer outcomes.

What constitutes “smarter security”? Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy.

Complexity challenge

The complexity that has abounded in the past few years has left us more connected and data-driven than ever before. Business initiatives demand faster, more efficient outcomes and technology responds. However, security – the often overlooked and undervalued visitor – is struggling to communicate across the table.

When it comes down to it, C-level goals and CISO initiatives are not all that misaligned. We all want fast, powerful, capable tools that can launch our business into the future with its best foot forward. And we all want to avoid breaches and PR failures in the process.

However, enterprises often experience a disconnect between business objectives and security guidelines. It is in this disconnect that cybercriminals find opportunity.


The attack surface is expanding relentlessly and exponentially, while security initiatives aren’t ingrained into every department’s daily operation. The need for reset and oversight is so great that a new class of technology is emerging to give organizations a better grip on the digital sprawl that’s come to define modern-day enterprise architecture.

Gartner refers to it as “CAASM,” or cyber asset attack surface management. The concept of focusing on your attack surface is a good place to start if you are struggling to find where to begin.

This smarter form of security fills a glaring gap in today’s solution-saturated market: strategy, and the strategy that can only come from getting a full view of the course.

Automated offense

Smart security also means doing more with less so the company as a whole can run lean. This means secure file transfer solutions, so you don’t waste time with slow encrypting protocols. It means anti-phishing tools so your teams can open emails without needless hesitation or risk.

It also means offensive security measures and vulnerability management so your team can fix problems before they can be exploited and derail operations.

Automating the security tasks of an organization – or hiring out when necessary – keeps those basic hygiene concerns out of mind and allows a business to perform at its best. When done right, a smarter security strategy is unseen.

As I’ve mentioned before, the issue of security is essentially a problem-solving one. These are not security problems for security’s sake. They are fundamentally business problems that rely on security to solve them.

How do we innovate and stay ahead of the competition without our speed backfiring and creating more bugs? How do we take time to manage vulnerabilities in our CRM when we’ve promised 24/7 customer care that relies on it? How can we accomplish our CEO’s vision for full process automation when we’re still transitioning to the cloud – and are unfamiliar with the security terrain?

Smarter security measures mean more subtle, intuitive, predictive solutions that can grease the wheels for whatever a fast-thinking enterprise can come up with next.

Sometimes the issue is resources. Part of problem-solving is examining the trouble spot from all angles. Managed solutions can help. Data Loss Prevention can lift the strain of vigilance and increase security in the workflow.

The overall trend is this: technology, progress, and change are driving the business objectives of today, and “smarter security” solutions are ones that can keep up, stay out of the way, and enable all aspects of a business to perform at their top level.

About the essayist: Chris Reffkin is chief information security officer at cybersecurity software and services provider Fortra. He has deep experience implementing and overseeing security strategy for a myriad of top-tier organizations.
