CISOs on alert following SEC charges against SolarWinds

While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward.
In late October, the SEC charged SolarWinds and its CISO Timothy Brown with fraud and internal failures related to the massive supply chain attack that was discovered in late 2020, which affected federal government agencies that used SolarWinds' Orion IT management software.
The SEC alleged SolarWinds and Brown misrepresented the company's cybersecurity posture to shareholders in public statements.
SolarWinds issued a rebuttal statement a week later denying the charges, though the statement did not mention Brown.
Transparency challenges were further underscored in August when the SEC implemented a four-day reporting rule for publicly traded companies.
Jake Williams, an infosec professional and faculty member at IANS Research, also addressed the scapegoating issue but in relation to SolarWinds omitting Brown from its counterargument.
Mark Bowling, vice president of security response services at ExtraHop Networks, also did not expect SolarWinds to back Brown.
Instead, the rebuttal statement emphasized that SolarWinds did not commit fraud, which Bowling interpreted as the company only looking out for itself.
Based on the facts laid out in the indictment, Williams believes the charges are warranted and agreed that SolarWinds and Brown took steps to mislead investors.
Based on the complaint and press release from the SEC, Marler said SolarWinds has a long road ahead of them to respond to those specific charges against Brown.
In 2022, SolarWinds agreed to a $26 million settlement in a shareholder lawsuit over the data breach.
The SEC charges could potentially lead to further financial losses for the company.
TechTarget reached out to SolarWinds regarding any updates since the SEC announcement and subsequent rebuttal statement.
One of the biggest disputes between SolarWinds and the SEC pertains to cybersecurity standards.
The SEC's complaint accused SolarWinds of misleading investors by claiming it adhered to the NIST Cybersecurity Framework.
SolarWinds said the SEC's accusation is inaccurate, which was based on a preliminary self-assessment for a completely different set of NIST standards.
It took a large corporation like SolarWinds several months to track the attack timeline to early 2019, though the company still hasn't determined how the attackers first gained access to the network.
Marler said a key issue for SolarWinds is that the SEC claimed the company did not have an adequate plan in place that prioritized the most significant risks facing the company.
Discussions will focus on SolarWinds and other emerging cases in this space.
James Turgal, vice president of cyber risk, strategy and board relations at Optiv, also observed aggregated worry from CISOs following the SEC's announcement.


This Cyber News was published on www.techtarget.com. Publication date: Wed, 17 Jan 2024 17:13:05 +0000


Cyber News related to CISOs on alert following SEC charges against SolarWinds

CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
1 year ago Techtarget.com
Human error still perceived as the Achilles' heel of cybersecurity - While fears of cyber attacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape, according to Proofpoint. CISOs' confidence is ...
1 year ago Helpnetsecurity.com
Proofpoint's CISO 2024 Report: Top Challenges Include Human Error & Risk - In Proofpoint's 2024 Voice of the CISO report, the cybersecurity company found that CISOs are dealing with people-centric threats more than ever. Plus, cybersecurity budgets often don't change, and AI can help and hurt CISOs' efforts. Regarding the ...
1 year ago Techrepublic.com
SolarWinds Files Motion to Dismiss SEC Lawsuit - In a new filing with the US Southern District Court of New York, SolarWinds argued that the Securities and Exchange Commission was outside of its depth of expertise as well as its scope of authority in charging SolarWinds and its chief information ...
1 year ago Darkreading.com
How the Evolving Role of the CISO Impacts Cybersecurity Startups - It helps startups striving to meet the ever-evolving needs of CISOs, who are simultaneously seeking the elusive but paramount buy-in from business users and executives. The CISO role has evolved dramatically in the past few years in response to ...
1 year ago Darkreading.com
Navigating the New Age of Cybersecurity Enforcement - Many equate this move as akin to a bomb going off for people working in the CISO role. CISOs are now faced with unprecedented potential liability risks, prompting the need for a proactive approach to legal exposure for security executives. To shed ...
1 year ago Darkreading.com
CVE-2023-52998 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
What Do CISOs Have to Do to Meet New SEC Regulations? - Ilona Cohen, Chief Legal and Policy Officer, HackerOne: It is never an easy time to be a chief information security officer, but the past few months have felt particularly challenging. The recent charges from the US Security and Exchange Commission ...
1 year ago Darkreading.com
The CISO’s Role In Ensuring Compliance Amid Evolving Cyber Threats - By extending compliance and security requirements to third-party relationships, organizations can reduce their exposure to external threats and ensure that their entire supply chain operates in accordance with regulatory standards. As a result, ...
4 weeks ago Cybersecuritynews.com
Security tools fail to translate risks for executives - Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, ...
1 year ago Helpnetsecurity.com
Why Modern CISOs Must Be Business Translators, Not Just Technologists - This evolution means that modern CISOs must excel as technologists and business translators professionals who can bridge the gap between complex technical realities and the organization’s strategic objectives. By translating technical risks into ...
1 month ago Cybersecuritynews.com
The New CISO: Rethinking the Role - Dating back to the 1990s, the role of CISO was more technical and IT-focused. CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection. Today, CISOs ...
1 year ago Darkreading.com
How CISOs Can Build Trust with Stakeholders in a Data-Driven Era - By aligning security with business goals, speaking the language of stakeholders, and using data to highlight achievements, CISOs can cement their role as indispensable partners in the data-driven era. By adopting these strategies, CISOs can transform ...
4 weeks ago Cybersecuritynews.com
Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 - COMMENTARY. In December 2020, the SolarWinds attack sent shockwaves around the world. Attackers gained unauthorized access to SolarWinds' software development environment, injected malicious code into Orion platform updates, and created a backdoor ...
1 year ago Darkreading.com
What do CISOs need to know about API security in 2024? - According to Postman's 2023 State of the API Report, roughly 66% of participants indicated that their APIs contribute to generating revenue. A recent ESG survey on API security showed that 92% of organisations using APIs have experienced a breach in ...
1 year ago Cybersecurity-insiders.com
What CISOs Should Exclude From SEC Cybersecurity Filings - As enterprises continue to weigh which security incidents constitute something material enough to be reported under the Securities and Exchange Commission's new rules, CISOs face the challenge of deciding which details to report and, far more ...
1 year ago Darkreading.com
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds - Joe Sullivan arrived at his sentencing hearing on May 4 this year, prepared to go to jail had the judge not gone with a parole board's recommendation of probation. A federal jury convicted the former Uber CISO months earlier on two charges of fraud ...
1 year ago Darkreading.com
Soft Skills Every CISO Needs to Inspire Better Boardroom Relationships - In a recent survey of CISOs, 86% of respondents said the role has changed so much that it's almost become a different job altogether from what it once was. In addition to their traditional responsibility of defending organizations from an ...
1 year ago Darkreading.com
Overtaxed State CISOs Struggle with Budgeting, Staffing - Though the number of scarily understaffed offices has dropped — just two respondents reported having one to five full-time employees, down from six in 2022 — more than half of state CISOs report that their staff lack the competencies necessary to ...
8 months ago Darkreading.com
Why CISOs and CTOs Must Collaborate More Than Ever in Today’s Security Landscape - When CTOs view CISOs as strategic partners rather than barriers to innovation, and CISOs champion security as a driver of business value, organizations can respond quickly to threats while confidently pursuing new opportunities. CTOs leading these ...
1 month ago Cybersecuritynews.com
How CISOs Can Prepare for Evolving Data Privacy Regulations - This article explores how CISOs can proactively address the challenges of evolving data privacy regulations, focusing on strategic leadership, operational best practices, and future-proofing security programs in a dynamic global landscape. In the ...
4 weeks ago Cybersecuritynews.com
Top 3 Priorities for CISOs in 2024 - As the new year begins, CISOs gather with their security teams and corporate management to scope out top priorities for 2024 and how to address these issues. This year - with a multitude of new privacy laws, Securities and Exchange Commission ...
1 year ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
How CISOs Can Secure High-Level Executives: Keys to Consider - Securing high-level executives is a difficult task for CISOs for a number of reasons. Executives often have access to a large amount of sensitive data and play a critical role in an organization’s success, so protecting them from cyber threats is ...
2 years ago Csoonline.com
Why CISOs and CIOs Should Work Together More Closely - Although there are overlaps in the goals and responsibilities of the CIO and the CISO, there are also challenges that get in the way of a more cohesive relationship, including reporting lines, organizational structures, budgets, and risk appetites. A ...
1 year ago Feedpress.me