Suggestions

SolarWinds breaks free, waving bye to SEC’s legal entanglements

January 30, 2024
by
1 min read




Summary of Article

TLDR:

SolarWinds has filed a motion to dismiss the SEC lawsuit, providing a detailed defense of how the cyber espionage attack on its system was handled. The company argues that the SEC lacks both the expertise and authority to charge SolarWinds and its chief information security officer (CISO) with mishandling the attack. The SEC alleges securities fraud and internal controls failures, claiming that SolarWinds knew it lacked appropriate cybersecurity controls and misled customers about the threat.

SolarWinds Files Motion to Dismiss SEC Lawsuit

In response to charges from the Securities and Exchange Commission (SEC), SolarWinds has filed a motion to dismiss the lawsuit, providing a detailed defense of its handling of the Russian-backed cyber espionage attack on its Orion platform in 2020.

The SEC had charged SolarWinds and its CISO Tim Brown with securities fraud and internal controls failures for their response to the cyberattack campaign. The SEC alleged that SolarWinds knew it lacked appropriate cybersecurity controls and willfully misled customers about the threat. They also accused Brown of insider trading by dumping SolarWinds stock before the cyberattack was made public.

SolarWinds immediately vowed to mount a defense in court following the charges. The new motion to dismiss offers a detailed denial of the SEC’s accusations, arguing that SolarWinds made proper disclosures before and after the attack and that the SEC is overstepping their authority by seeking to regulate public companies’ cybersecurity controls.

The company points out that the SEC failed to clearly identify which security controls violated regulations and asserts that the SEC is attempting to rewrite accounting controls laws. SolarWinds maintains that it acted appropriately and transparently throughout the cyberattack response, claiming to be a victim rather than a perpetrator of the cybercrime.

Overall, SolarWinds is seeking to have the lawsuit dismissed, asserting that the SEC lacks the necessary expertise and authority in cybersecurity to bring the charges against the company and its CISO. The case raises larger questions about the role of regulatory bodies in overseeing and regulating cybersecurity controls for public companies.


Post Views: 96

Adrian Johnson

Latest from Blog

Bridging the cyber talent gap: tips for CISOs

TLDR: – Global cyber threats have increased twofold in recent years, leading to a talent gap of nearly 4 million cyber professionals worldwide. – Existing cyber staff are under strain, with vacancies

North Korean hackers pivot to ransomware attacks

TLDR: North Korean hackers from APT45 have shifted from cyber espionage to ransomware attacks APT45 has targeted critical infrastructure and is linked to ransomware families SHATTEREDGLASS and Maui A North Korea-linked threat

Cyber insurance evolves to cover all your online needs

TLDR: Cyber insurance coverage is evolving to help raise security baselines across businesses. Only one-quarter of companies have a standalone cyber insurance policy. In today’s evolving cybersecurity landscape, cyber insurance coverage is