SolarWinds and its chief information security officer (CISO) have been charged with fraud by the U.S. Securities and Exchange Commission (SEC). The charges relate to the company’s failure to disclose known cybersecurity risks and vulnerabilities that led to a massive cyberattack in 2020.
According to the SEC’s complaint, SolarWinds and its CISO, Timothy Brown, misled investors for years about the company’s cybersecurity practices. The SEC alleges that SolarWinds and Brown knew of specific deficiencies in the company’s cybersecurity practices, as well as the increasingly elevated risks the company faced. However, they chose to disclose only generic and hypothetical risks to investors.
The SEC also alleges that Brown failed to resolve known cybersecurity risks and vulnerabilities, or to sufficiently raise them further within the company. As a result of these lapses, the company could not provide reasonable assurances that its most valuable assets, including its flagship Orion product, were adequately protected.
SolarWinds CEO Sudhakar Ramakrishna said it “is alarming that SEC has now filed what we believe is a misguided and improper enforcement action against us, representing a regressive set of views and actions inconsistent with the progress the industry needs to make and the government encourages.”
The sources for this piece include an article in ITWorldCanada.