

Navigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854
Dec 12, 2024
Eric Greenwald, General Counsel for Finite State, brings over 20 years of expertise in law and technology to the discussion on supply chain security and regulatory navigation. He delves into the complexities of cybersecurity compliance, emphasizing the challenges companies face with firmware vulnerabilities. The conversation also highlights the implications of SOC 2 certification and recent legal standards, while reflecting on notable cybersecurity breaches. Additionally, they explore the evolving landscape of telecom security and the need for more effective risk management strategies.
AI Snips
Target Breach Lawsuits
- Target faced ~50 lawsuits after their breach, each with varying security standards.
- Eric Greenwald wouldn't know what to do to prevent liability in such a situation.
No Guaranteed Protection
- There's no universal cybersecurity standard to guarantee legal protection.
- Companies are constantly at risk of lawsuits for cybersecurity failures, regardless of their efforts.
Internalized Liability
- Companies often internalize cybersecurity liability as a cost of business.
- They rely on insurance and contracts, but risk transfer to vendors is limited.