Security News

The Securities and Exchange Commission brought charges against both Austin, TX-based information security software company SolarWinds and its CISO Timothy G. Brown on October 30. The SEC alleges that between SolarWinds' October 2018 initial public offering and the December 2020 announcement of the large-scale cyberattack, SolarWinds and Brown specifically " defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.

The Securities and Exchange Commission announced charges against SolarWinds and its CISO, Timothy G. Brown, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities. The complaint alleges that, from at least its October 2018 initial public offering through at least its December 2020 announcement that it was the target of a massive, nearly two-year long cyberattack, dubbed SUNBURST, SolarWinds and Brown defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.

TechRepublic Premium Hiring Kit: Cloud Engineer Regardless of what business or what industry you are in, the potential benefits of cloud computing and cloud computing services are self-evident. With so many businesses flooding .... TechRepublic Premium Hiring Kit: Data Architect To make their best decisions, businesses need the best actionable information.

Many CISOs are grappling with the conundrum of the purpose and value of security controls data in supporting critical business decisions, according to Panaseer. Only 36% of security leaders are totally confident in their security data and use it for all strategic decision making.

Joe Sullivan, Uber's CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company's data security and privacy practices.

The complexity and change experienced by organisations as they grow is one reason we are seeing similar cyber security risks to a decade ago, says Rapid7's CISO Jaya Baloo. Speaking on ethics in information security at the 2023 Australian Cyber Conference, Baloo said the Australian market has truly woken up to cyber risks in the last year due to a number of high-profile data breaches that have affected millions of Australians.

Boards should prioritize conversations around how an organization can modernize their technology infrastructure, leveraging architectures where security is built in, not bolted on, to drive better security, agility, and efficiency. How can boards balance fostering innovation and ensuring that security remains a priority throughout the organization's initiatives?

This year, 20% of CISOs did not receive a raise, double that of a year ago, while the share of CISOs with bigger retention bonuses and equity packages also declined to 12% and to 8%, respectively. "At a macro level, CISOs had a good year as significant compensation increases continued despite a challenging economic environment," stated Nick Kakolowski, Senior Research Director at IANS. "On closer inspection, we're seeing CISOs getting elevated in the business, taking on a larger scope and being exposed to increased liability. Commensurate compensation increases aren't extending into the middle and lower quartiles of the market. We expect CISOs to seek change as a result - something evidenced in 75% of respondents saying they are considering a job change in the next 12 months."

86% of CISOs believe generative AI will alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic, according to Splunk. "The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions," said Jason Lee, CISO, Splunk.

That's according to the latest results of IANS' survey of 600 US-based CISOs, which also found that most people working in the role are either earning below $400,000 or above $700,000 a year. One in five of all CISOs earn above $700,000 and half of these corporate rockstars are paid more than $1 million a year.