The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices prior to a cyberattack launched by Russian hackers in 2019.
The SEC’s complaint accused the company of making claims, including about its own security practices, that were “at odds” with its internal assessments.
But the federal regulator said that Brown failed to sufficiently raise security risks to the company or resolve them.
Gurbir S. Grewal, who oversees the SEC’s enforcement unit, said SolarWinds and Brown “ignored repeated red flags” and “engaged in a campaign to paint a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”
“Today’s enforcement action not only charges SolarWinds and Brown for misleading the investing public and failing to protect the company’s ‘crown jewel’ assets, but also underscores our message to issuers: implement strong controls calibrated to your risk environments and level with investors about known concerns,” said Grewal.
The SEC told SolarWinds in November 2022 that it faced enforcement action following the cyberattack, warning that the company’s cybersecurity disclosures and public statements were under scrutiny.
The original article contains 565 words, the summary contains 197 words. Saved 65%. I’m a bot and I’m open source!
This is the best summary I could come up with:
The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices prior to a cyberattack launched by Russian hackers in 2019.
The SEC’s complaint accused the company of making claims, including about its own security practices, that were “at odds” with its internal assessments.
But the federal regulator said that Brown failed to sufficiently raise security risks to the company or resolve them.
Gurbir S. Grewal, who oversees the SEC’s enforcement unit, said SolarWinds and Brown “ignored repeated red flags” and “engaged in a campaign to paint a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”
“Today’s enforcement action not only charges SolarWinds and Brown for misleading the investing public and failing to protect the company’s ‘crown jewel’ assets, but also underscores our message to issuers: implement strong controls calibrated to your risk environments and level with investors about known concerns,” said Grewal.
The SEC told SolarWinds in November 2022 that it faced enforcement action following the cyberattack, warning that the company’s cybersecurity disclosures and public statements were under scrutiny.
The original article contains 565 words, the summary contains 197 words. Saved 65%. I’m a bot and I’m open source!