SEC Charging SolarWinds Is A Game Changer, Forcing Us To Rethink CISO Accountability – BSW #327

Matt Alderman

1. The Cybersecurity Landscape: How Can Boards Oversee Cybersecurity?

   So far, the market has struggled to view cyber resiliency as a differentiator and to connect the value of cybersecurity preparedness to a company’s bottom line, rendering investments in cybersecurity difficult to justify. The disconnect between cyber risk and business risk might be due to several factors, including the need for literacy on these matters coupled with the qualitative nature of cybersecurity risk assessment. This adds a degree of difficulty to accurately estimating the potential cost/benefit of applying adjustments to a company’s cybersecurity regime.

2. SolarWinds Is A Game Changer – You Cannot Sugarcoat Cybersecurity

   The SEC prosecution of SolarWinds and its Chief Information Security Officer, for alleged fraud and internal controls offences, is already being seen as a game changer for how cybersecurity will be handled and reported on by listed businesses. It is rare for cybersecurity news stories to live up to the hype around them, but, in my view, the game changer accolade is spot on, as I will seek to explain.

3. SEC Charges SolarWinds and CISO with Fraud and Internal Controls Failures

   The SEC alleges that SolarWinds defrauded its investors and customers through misstatements and omissions that concealed the company’s alleged poor cybersecurity practices and cybersecurity risks. Among other things, the SEC seeks permanent injunctive relief, disgorgement with prejudgment interest, civil penalties, and an officer and director bar against Brown.

4. Rethinking CISO Accountability: A Call for Balance in Cybersecurity Leadership

   In the wake of recent legal actions against CISOs for cybersecurity breaches, a growing concern is rippling through the infosec community. The message is clear: accountability is essential, but so is fairness. I want to share my thoughts on this delicate issue — recognizing that my views may not align with everyone’s and that I am open to learning from different perspectives.

5. How Corporate Purpose Leads to Innovation

   Too often, companies’ innovation efforts overfocus on one or two stakeholder groups and ignore the others. The result is failure. The best innovations create mutual value for all key constituents: the customers, employees, suppliers, communities, and investors that together have a material “stake” in the innovation’s outcome. This article provides four tips for harnessing your corporate purpose to improve your innovation success rate.

6. How to improve communication in the workplace: Strategies for enhanced productivity

   Communication is the cornerstone of any successful workplace. It’s the glue that binds teams together, fosters collaboration, and enables the smooth flow of information. In today’s fast-paced business world, effective workplace communication is crucial for achieving productivity, employee satisfaction, and overall success. This article will delve into strategies and techniques to improve communication in the workplace, enhancing not only efficiency but also employee engagement and job satisfaction.

7. ISC2 Reveals Growth in Global Cybersecurity Workforce, But Record-Breaking Gap of 4 Million Cybersecurity Professionals Looms

   ISC2 – the world's leading nonprofit member organization for cybersecurity professionals – estimates the global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs. While this is the highest workforce ISC2 has ever recorded, the 2023 ISC2 Cybersecurity Workforce Study brings to light that demand is still outpacing the supply. The cybersecurity workforce gap has reached a record high, with 4 million professionals needed to adequately safeguard digital assets. This year's study included a record 14,865 cybersecurity professionals.