Freely subscribe to our NEWSLETTER

“The charges against SolarWinds’ CISO should give European CISOs
reason for reflection. Authorities are now actively scrutinising them.
If a European company experiences a cyberattack leading to a stock price
drop, despite prior reports of a strong cybersecurity effort, why
wouldn’t the same scenario apply here?

The cybersecurity industry has long advocated for a prominent position
within organisations, which is indeed essential. However, this case
represents the first instance of a CISO being integrated into the upper
levels of the organisation, albeit with a disconnection from the
technical aspect. It underscores the critical importance of the
technical reality and the formidable challenge of bridging the gap
between the top and bottom. The charges unequivocally indicate that
SolarWinds’ security department personnel were aware of the issues,
highlighting a significant disconnect.

These charges are likely to cause sleepless nights for top executives
and board members because the SolarWinds leadership believed they were
operating a business with robust cybersecurity. It serves as a
compelling example of why the role of a CISO should not devolve into a
paper tiger relying solely on contingency plans, management reporting,
compliance, and goal-oriented pursuits. There’s a risk of instilling
unwarranted confidence in top management while diverting focus from the
technical underpinnings.

It is imperative to heed security teams with an intimate understanding
of the technical landscape and take their concerns seriously. The
charges against SolarWinds’ CISO demonstrate that legal measures are
effective in such cases. They bring to light issues and challenges faced
by security chiefs, top executives, boards, and security teams. This
case should trigger concerns and furrowed brows throughout the
industry.”