"Rather than address these vulnerabilities, SolarWinds and Brown engaged in a campaign to paint a false picture of the company's cyber controls environment, thereby depriving investors of accurate material information,"
"The claims "impermissibly rely on hindsight and speculation"."
"For obvious reasons, the SEC did not want to take a risk in this highly publicized and closely watched case, instead preserving its resources for upcoming lawsuits where it can prevail in court with certainty,"
"In sum, one should be prepared for new legal actions by the SEC that may lead to major victories of the federal agency."
The SEC abandoned its 2023 lawsuit against SolarWinds and chief information security officer Tim Brown, which alleged investor fraud by misleading disclosures about a nearly two-year cyberattack. The Sunburst malware infected about 18,000 organizations, including Microsoft, Intel, FireEye, Cisco, and several US government departments. The SEC alleged an internal engineer warned of serious security issues in 2018 and that SolarWinds overstated its cybersecurity practices while understating or failing to disclose known risks. A US District Court judge dismissed most charges as relying on hindsight and speculation. The SEC said the decision was made in the exercise of its discretion and does not necessarily reflect its position in other cases.
Read at IT Pro
Unable to calculate read time
Collection
[
|
...
]