The Importance of Third Party Cyber Security Risk Verification In Light of the SEC SolarWinds Charges

The importance of 3rd party cyber security risk scoring in light of the SEC SolarWinds charges.

The SEC’s charges against SolarWinds Corporation and its Chief Information Security Officer highlight the importance of independent verification of a company’s cybersecurity practices. In this case, SolarWinds was charged with fraud and internal control failures for allegedly misleading investors about its cybersecurity practices and downplaying known risks.

The significance of independent verification, such as using Stellatra’s cybersecurity risk scoring tool, can be summarized as follows:

  • Accurate Assessment of Risks: Independent cybersecurity verification tools, like Stellatra’s, provide companies with an objective assessment of many high-profile cybersecurity risks, such as domain spoofing, encryption breaking, man-in-the-middle attacks, certificate mis-issuance, cross-site scripting, and more. This ensures that the company is aware of its vulnerabilities and can take appropriate measures to address them.

  • Investor Confidence: Companies that can demonstrate independent verification of their cybersecurity measures are likely to instill confidence in investors. It shows that the company is proactive about addressing potential risks and is transparent about its cybersecurity posture, thereby attracting more investments.

  • Compliance and Regulation: Meeting regulatory requirements is crucial for any company. Independent cybersecurity verification tools help companies comply with regulations and standards by identifying gaps in their security measures, allowing them to align their practices with legal mandates.

  • Preventing Legal Consequences: The SolarWinds case illustrates the legal consequences of misleading investors and neglecting cybersecurity risks. Independent verification can help companies avoid legal issues by ensuring that they accurately represent their external cybersecurity attack surface to address common attack vectors.

  • Protecting Intellectual Property: Many companies have valuable intellectual property that needs protection. Independent verification tools help identify weak points in cybersecurity, enabling the company to safeguard its sensitive data and intellectual assets from cyber threats and espionage.

  • Preventing Financial Loss: Cybersecurity breaches can lead to significant financial losses due to data theft, operational disruptions, and reputational damage. Independent verification tools assist in identifying and mitigating risks, reducing the likelihood of financial losses associated with cyber incidents.

Independent verification of a company’s cybersecurity practices, such as by using Stellatra’s cybersecurity risk scoring tool, is essential for accurate risk assessment, maintaining investor confidence, ensuring regulatory compliance, preventing legal consequences, protecting intellectual property, and minimizing financial losses in the event of cyber threats.

implement strong controls calibrated to your risk environments

The US Securities and Exchange Commission (SEC)

Cyber security is hard, do the basics right.
