Hackers have used human vulnerabilities, not software, to launch some of the most damaging cyber attacks in recent years.
“When you store data, for example, in [Amazon Web Services], or Microsoft Azure, or any type of data technology, the likelihood of someone hacking into that data has become less and less likely,” thanks to modern hacking protections, said Grant Elliott, CEO and founder of Ostendio, a cybersecurity platform that helps companies manage information security and identify digital and human weak points.
“Much more likely is the fact that someone’s going to share their user ID and password,” he said.
Major data breaches such as the Democratic National Committee’s and Yahoo’s highly-publicized hack fall under this category.
Some strategies to solving password concerns include technical solutions, but the vast majority fall to “basic requirements, like training people on how they should be handling that data in the first place,” Elliott told What’s Working in Washington.
With a background as the chief information security officer and chief operations officer of a D.C.-area health company, Elliott found that the multitude of tasks required by companies to protect data “becomes very very difficult to manage.”
Ostendio software allows companies to measure their information security against baselines and standards for their specific field. “All those regulations and standards outline a set of processes and steps that you should be taking as an organization,” he said. This includes basic things like staff training and risk assessment, up to even the most technical measures.
The Scotland native said D.C. back from having more product-based cyber companies is that it’s sometimes difficult to access investment dollars.
If you look at areas like Silicon Valley, Boston, or New York, “they’ve been very, very successful at building a community that really helps to work with local startups and to basically invest. I think that’s starting to happen in D.C.,” said Elliott, but the area still needs to work to unify the DMV region.