October 30, 2023 the Wall street Journal broke news that the United States Security and Exchange Commission sued Solarwinds. Here are the first few paragraphs and there is a link to the full WSJ article at the bottom : "the software company victimized by Russian-linked hackers over three years ago, alleging the firm defrauded shareholders by repeatedly misleading them about its cyber vulnerabilities and the ability of attackers to penetrate its systems.
"The SEC’s lawsuit is a milestone in its evolving attempt to regulate how public companies deal with cybersecurity. A hack that steals business secrets or customer data often pummels the victim company’s stock price, showing why firms with public shareholders have to accurately disclose such threats, the SEC says. The regulator recently imposed stricter cybersecurity reporting rules for public companies.
"The lawsuit also presents a different view of the breach of SolarWinds, which portrayed itself as the victim of a highly sophisticated intrusion that other government agencies said was part of a Russian espionage campaign. The intrusion went undiscovered for more than a year and gave intruders footholds in at least nine federal agencies that used SolarWinds’ software.
"The SEC’s role in cybersecurity is controversial, with business groups saying its investigations can shift blame to the victim. Other law-enforcement agencies prefer to keep quiet while they probe hackers and sometimes clash with the SEC over its demands for disclosure. The SolarWinds case is the first time securities regulators have gone to court with civil-fraud claims—the most serious charge at the agency’s disposal—against a public company over a hack."
I suggest you send this WSJ Link to your C-level InfoSec decision makers. This is a first.
