New data shows 90% of NEDs lack confidence in cybersecurity value. CISOs and CIOs must translate cyber risk into business impact.
The post CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap appeared first on Security Boulevard.
Cloud SLAs often fall short of enterprise needs. Learn how CISOs can assess, mitigate and manage SLA gaps using risk frameworks, compensating controls and multi-provider strategies.
The post HowΒ to Manage Cloud Provider Risk and SLA GapsΒ appeared first on Security Boulevard.
Identityβs New Frontier: How CISOs Can Navigate the Complex Landscape of Modern Access Management The cybersecurity battlefield has shifted. No longer are perimeter defenses and traditional identity management sufficient to...
The post Innovator Spotlight: Oleria appeared first on Cyber Defense Magazine.
The Digital Battlefield: How AI is Reshaping Cybersecurity and Fraud Prevention Crocodiles arenβt the only predators lurking in the shadows anymore. Todayβs most dangerous hunters wear digital camouflage, wielding artificial...
The post Innovator Spotlight: Darwinium appeared first on Cyber Defense Magazine.
The Silent Threat: Why Your AI Could Be Your Biggest Security Vulnerability Imagine a digital Trojan horse sitting right in the heart of your organizationβs most valuable asset β your...
The post Innovator Spotlight: DataKrypto appeared first on Cyber Defense Magazine.
Your teamβs ability to identify phishing attempts in their inboxes has the potential to make or break your entire security posture, which is why having an effective training program in...
The post Cyber Security Simulation Training Mistakes That CISOs Must Avoid appeared first on Cyber Defense Magazine.
EXECUTIVE SUMMARY:
In a landmark case, a judge dismissed most of the charges against the SolarWinds software company and its CISO, Timothy Brown.
On July 18th, U.S. District Judge Paul Engelmayer stated that the majority of government charges against SolarWinds βimpermissibly rely on hindsight and speculation.β
The singular SEC allegation that the judge considered credible concerns the failure of controls embedded in SolarWinds products.
For its part, SolarWinds has consistently maintained that the SECβs allegations were fundamentally flawed, outside of its area of expertise, and a βtrickβ designed to allow for a rewrite of the law.
For some time, the SEC has pursued new policies intended to hold businesses accountable for cyber security practices; an understandable and reasonable objective.
In this instance, the SEC said that claims made to investors in regards to cyber security practices had been misleading and false β across a three year period.
The SECβs indictment also mentioned falsified reports on internal controls, incomplete disclosure of the cyber attack, negligence around βred flagsβ and existing risks, and more.
But what caught the attention of many in the cyber security community was that, in an unprecedented maneuver, the SEC aimed to hold CISO Timothy Brown personally liable.
This case has been closely watched among cyber security professionals and was widely seen as precedent-setting for future potential software supply chain attack events.
In the end, the court ruling does not hold CISO Timothy Brown personally liable for the breach.
βHolding CISOs personally liable, especially those CISOs that do not hold a position on the executive committee, is deeply flawed and would have set a precedent that would be counterproductive and weaken the security posture of organizations,β says Fred Kwong, Ph.D, vice president and CISO of DeVry University.
Despite the fact that this court ruling may loosen some CISO constraints, βyou need to be honest about your security posture,β says Kwong.
The remaining claim against the company, which will be scrutinized further in court, indicates that there is a basis on which to conclude that CISOs do have certain disclosure obligations under the federal securities laws.
The SolarWinds incident, as its come to be known, has cost SolarWinds tens of millions of dollars. In 2023, the company settled a shareholder lawsuit to the tune of $26 million.
A spokesperson for SolarWinds has stated that the company is βpleasedβ with Judge Engelmayerβs decision to dismiss most of the SECβs claims. The company plans to demonstrate why the remaining claim is βfactually inaccurateβ at the next opportunity.
For expert insights into and analyses of the SolarWinds case, please see CyberTalk.orgβs past coverage. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week,Β subscribeΒ to the CyberTalk.org newsletter.
The post SEC charges against SolarWinds largely dismissed appeared first on CyberTalk.
Login