SEC fines cybersecurity giants for downplaying effects of SolarWinds attack

Four top security companies have been charged for downplaying the effect the SolarWinds Orion compromise had on their systems, an action which violated certain provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, among other related rules.

The US Securities and Exchange Commission charged and fined Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited for “making materially misleading disclosures regarding cybersecurity risks and intrusions.”

All companies have received civil penalties, with Unisys expected to pay $4 million, Avaya $1 million, Check Point $995,000, and Mimecast $990,000.

Misleading disclosures

The 2020 attack on SolarWinds’ Orion infrastructure management software saw threat actors push updates to the Orion software that were loaded with malware, infecting other organizations downstream in the supply chain that used the Orion software.

The attack impacted thousands of businesses and several branches of the US government, including the US Department of Homeland Security, the US Treasury Department, and the US Department of Commerce.

Among the businesses impacted by the attack were the four charged by the SEC, which in its press release stated Unisys “described its risks from cybersecurity events as hypothetical” despite the company having knowingly experienced two attacks as a result of the SolarWinds attack that resulted in large amounts of information being exfiltrated.

The complaint against Avaya states the company attempted to downplay the effect of the SolarWinds attack, stating attackers had accessed a “limited number of [the] Company’s email messages.” In reality, Avaya was already aware the threat actors had broken into the company’s cloud file sharing system and gained access to at least 145 files.

Check Point and Mimecast were also found to have downplayed the effect of the attack on their systems.

Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement, said, “As today’s enforcement actions reflect, while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered. Here, the SEC’s orders find that these companies provided misleading disclosures about the incidents at issue, leaving investors in the dark about the true scope of the incidents.”

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
