SEC indictment against SolarWinds CISO worries cyber leaders

Cybersecurity experts have expressed concern regarding the U.S. Securities and Exchange Commission's indictment of SolarWinds and its Chief Information Security Officer Timothy Brown regarding failures to disclose the company's cybersecurity risks that culminated in the devastating software supply chain attack in 2020, according to SecurityWeek. Such a lawsuit could discourage CISOs from practicing cyber threat information sharing across their organizations and possibly hinder cyber incident response efforts, according to experts, which echoed the sentiments of SolarWinds President and CEO Sudhakar Ramakrishna. "[The SEC's charges] also risk disenfranchising earnest cybersecurity professionals across the country, taking these cyber warriors off the front lines," Ramakrishna said. However, cybersecurity expert Jake Williams noted that the lawsuit is necessary to ensure accountability among CISOs. "CISOs, especially those at publicly traded companies, should take stock of their security programs and ensure that what's being communicated to the public is rooted in reality rather than spin and wishful thinking. For those in privately held organizations, the SEC is setting a new standard for security disclosures with this lawsuit," Williams said.