CyberHub Podcast Weekly Roundup: The Third-Party Risk Apocalypse, From French Soccer to Financial Institutions - Vendor Breaches, Nation-State Operations, and the Week That Proved Trust Is Dead
Phenomenal synthesis of this week's breach cascade. The through-line you've drawn about vendor trust dissolution is spot on, but I'd add that the Comcast fine for FBCS data retention two years post-contract is maybe the most underrated risk signal here. Most CISOs audit vendors during onboarding, maybe annually, but almost no one is enforcing cryptographic deletion verification when relationships end. If regulators are now holding you liable for ex-vendor data hoarding, that fundamentally changes offboarding workflows.
I hope so. Data hoarding has long been a problem for companies. See CapitalOne as an example.