🔺 What to do when markets are at an all-time high? Find smart bargains, like these.See Undervalued Stocks

SolarWinds, CISO Brown face SEC charges over cybersecurity risk disclosure

EditorAmbhini Aishwarya
Published 2023-10-31, 01:34 a/m
© Reuters.
SWI
-

SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown, are facing charges brought by the Securities and Exchange Commission (SEC) for allegedly concealing specific cybersecurity vulnerabilities from investors. These allegations, made on Tuesday, pertain to the period between October 2018 and December 2020. The SEC argues that the company and Brown only disclosed these risks when the Russian Foreign Intelligence Service breached their Orion network monitoring product.

The SEC seeks to ban Brown from holding executive roles in publicly-traded companies, enforce penalties, and recover fraudulent gains. The regulatory body had recommended enforcement against SolarWinds, Brown, and CFO Bart Kalsu earlier this year. CEO Sudhakar Ramakrishna and legal representative King & Spalding have denied these allegations while acknowledging issues with their remote access setup and the Orion Platform.

Gurbir Grewal, SEC Enforcement Division Director, has urged companies to improve their controls in response to the charges against SolarWinds and Brown.

The charges filed by the SEC in the Southern District of New York allege violations of antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934 by both SolarWinds and Brown. SolarWinds is also accused of violating reporting and internal controls provisions of the Exchange Act.

According to the SEC, despite Brown's knowledge of specific deficiencies in their cybersecurity practices, SolarWinds disclosed only general risks in its filings during this period. This is despite an internal presentation in 2018 where SolarWinds admitted that its remote access setup was insecure and could lead to major reputation and financial damage. In June 2020, Brown expressed concern over a cyberattack on a SolarWinds customer potentially using their Orion software for larger attacks. Despite being aware of these vulnerabilities, he did not adequately address them within the company.

Brown, who was named CISO of the year by the Globee Cybersecurity Awards, is accused of ignoring significant warnings about the company's cyber risks. The SEC’s enforcement division director, Gurbir Grewal, stated that both SolarWinds and Brown ignored these warnings.

The SEC seeks remedies including permanent injunctive relief, disgorgement with prejudgment interest, civil penalties, and an officer and director bar against Brown.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.