Call for stricter cyber laws by SolarWinds security chief

The first cyber chief to fight an effort by the US Securities and Exchange Commission (SEC) to hold him personally responsible for a massive Russian hack has called on global regulators to pass tougher cyber security laws. Tim Brown, chief information security officer at SolarWinds, faced a landmark lawsuit that accused him and the company of misleading investors by not disclosing “known risks” and inaccurately representing the company’s security measures.

Speaking to the Financial Times in his first interview since the complaint was largely thrown out by a federal court in July, Brown warned that global cyber regulations are still “in flux”, which “absolutely adds stress across the globe” on cyber chiefs. He emphasized that having clear rules is crucial for cybersecurity professionals to effectively do their jobs.

SolarWinds was relatively unknown until it fell victim to Russian hackers as part of a large-scale espionage campaign in 2020. The SEC’s lawsuit reflects its increased focus on targeting cyber risks under chair Gary Gensler’s leadership, and signals that individuals could be held accountable for hacks.

Last year, Joe Sullivan, Uber’s former chief security officer, received probation and a fine for covering up a data breach from 2016. This marked the first criminal prosecution of an executive over mishandling a data breach. The SEC introduced new cyber rules last year regarding data breach disclosure and requiring public companies to outline their cybersecurity risk management processes in annual reports.

Brown expressed hope that global cyber regulations were moving in the right direction. He suggested that cybersecurity professionals would benefit from legislation similar to the Sarbanes-Oxley Act enacted after Enron’s scandal in 2002.

The lawsuit against SolarWinds has been seen as significant within the industry. Lawyers representing security professionals have cautioned about its potential impact on internal efforts to enhance company security if comments made during those efforts could later be used against them out of context.

District judge Paul Engelmayer ruled in July that applying accounting rules to cybersecurity processes was not feasible. While most claims against SolarWinds and Brown were dismissed, one claim of securities fraud based on a statement published by SolarWinds on its website was upheld.

A spokesperson for SolarWinds stated they planned to contest this remaining charge due to factual inaccuracies. Brown acknowledged that, although personally uncomfortable, this lawsuit has given corporate security professionals more influence at executive levels and prompted important conversations within boards about cybersecurity issues.

Despite joining Cytactic’s advisory board this month, Brown remains committed to his role at SolarWinds, acknowledging his responsibility regarding the incident while emphasizing his determination to rectify any shortcomings.

In terms of financial performance, SolarWinds reported $193 million in revenue between April and June 2022, compared with $246 million during the same period last year before disclosing the hack incident. Although shares have started recovering from their lows earlier this year following what is known as the Sunburst incident, they remain down over 40% overall.
