SEC accuses SolarWinds CISO of fraud for misleading investors prior to significant cyberattack

    The Securities and Exchange Commission (SEC) plans to charge Timothy Brown. He’s the Chief Information Security Officer of SolarWinds. The reason? Fraud.

    The Root of the Allegations

    Brown allegedly lied to investors. He misrepresented SolarWinds’ cybersecurity practices and hid information about risks. The SEC filed a complaint in New York. It accuses Brown of violating key securities acts from 1933 and 1934.

    What the SEC Wants

    The SEC aims for several things. They want a permanent injunction, disgorgement with prejudgment interest, and civil penalties. Additionally, they seek a bar against Brown holding officer or director positions. This news isn’t sudden. There’s been talk for months that the SEC might charge SolarWinds executives. Why? Their alleged role in a two-year cyberattack linked to Russian intelligence.

    Details of the Cyberattack

    Hackers targeted SolarWinds’ Orion IT monitoring application. They inserted malware, accessing high-value targets. Consequently, they stole sensitive information from large companies and U.S. government departments.

    SEC’s Accusations

    SolarWinds and Brown supposedly misled investors. How? By only discussing generic risks and ignoring specific weaknesses. Gurbir Grewal, from the SEC’s Enforcement Division, commented on this. He said SolarWinds and Brown overlooked critical red flags.

    Evidence Presented

    The SEC shared concerning evidence. Internal reports revealed SolarWinds’ insecure remote access. Brown’s past presentations also raised eyebrows. They highlighted company vulnerabilities. Moreover, internal discussions showed worries about the company’s cybersecurity capabilities.

    SolarWinds’ Response

    SolarWinds didn’t take the charges lightly. They expressed disappointment and warned of national security impacts. They believe the SEC overstepped its bounds. Their aim? To reveal the truth in court and keep supporting customers.

    Other Related Incidents

    Regarding SUNBURST, the SEC says SolarWinds’ disclosure fell short. Last year, SolarWinds settled hacking-related lawsuits for $26 million. But in November, the SEC hinted that SolarWinds had previously misled the public about its cybersecurity.

    Implications for CISOs

    This case against Brown will worry other Chief Information Security Officers (CISOs). They’ll be anxious about potential liabilities linked to their roles. For instance, Uber’s former Chief Security Officer, Joe Sullivan, faced legal issues over a data breach.

    Kaspersky’s Input

    Kaspersky, a Russian cybersecurity vendor, shared their thoughts. They believe the actions seem political, not based on product evaluations. Other bans include Canada’s TikTok prohibition in 2023. Similarly, in 2022, the U.S. Federal Communications Commission (FCC) labelled Kaspersky a national security risk.
