SEC alleges SolarWinds and key executive misled investors about cybersecurity prior to 'massive' cyberattack.

[ 31/10/2023 14:48 ] Read on cnbc.com

Report Overview: The article contains several manipulations, such as misleading headlines, omission of key information, biased language, and unbalanced reporting. These manipulations contribute to a lower objectivity score.

Sides Objectivity Scores

SolarWinds (60)

SEC (80)

Sides Representation Balance

Favored Side

SEC

Caution! Due to inherent human biases, it may seem that reports on articles aligning with our views are crafted by opponents. Conversely, reports about articles that contradict our beliefs might seem to be authored by allies. However, such perceptions are likely to be incorrect. These impressions can be caused by the fact that in both scenarios, articles are subjected to critical evaluation. This report is the product of an AI model that is significantly less biased than human analyses and has been explicitly instructed to strictly maintain 100% neutrality.

Nevertheless, HonestyMeter is in the experimental stage and is continuously improving through user feedback. If the report seems inaccurate, we encourage you to submit feedback , helping us enhance the accuracy and reliability of HonestyMeter and contributing to media transparency.

Detected Manipulations & Suggested Changes

Misleading headlines

The article's headline suggests that SolarWinds and its key executive deliberately misled investors about cybersecurity prior to the cyberattack.

In this article SWI Follow your favorite stocks CREATE FREE ACCOUNT SolarWinds Corp banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York, U.S., October 19, 2018. Brendan McDermid | Reuters Cybersecurity firm SolarWinds, which was targeted by a Russian-backed hacking group in one of the worst cyber-espionage incidents in U.S. history, committed fraud and failed to maintain adequate internal controls for years prior to the hack, the Securities and Exchange Commission alleged in a lawsuit.

Change the headline to accurately reflect the allegations made by the SEC.

Omission of key information

The article fails to mention any potential defenses or counterarguments from SolarWinds or its executives.

The suit comes as major corporations prepare for a new cyber disclosure rule that would require companies to report cybersecurity incidents within a few days of discovery. Regulators have begun to pay increasing attention to hacks, in the wake of significant breaches that materially impacted corporations from Clorox to MGM Resorts. In a statement Monday, the company said it believed the SEC was pursuing 'a misguided and improper enforcement action against us.' SolarWinds also filed the statement with the SEC. 'The truth of the matter is that SolarWinds maintained appropriate cybersecurity controls prior to SUNBURST and has led the way ever since in continuously improving enterprise software security based on evolving industry standards,' the filing from SolarWinds CEO Sudhakar Ramakrishna, referring to the codename for the hack. A SolarWinds spokesperson said in a statement the SEC's charges are unfounded and that it will contest them in court. The company said it has been engaging with the SEC for three years and emphasized that it is fully supporting Brown, who will continue to serve as SolarWinds' CISO. 'Mr. Brown has worked tirelessly and responsibly to continuously improve the Company's cybersecurity posture throughout his time at SolarWinds, and we look forward to defending his reputation and correcting the inaccuracies in the SEC's complaint,' Brown's attorney Alec Koch said in a statement to CNBC.

Include statements or responses from SolarWinds or its executives to provide a more balanced perspective.

Biased language

The article uses language that portrays SolarWinds in a negative light, such as 'committed fraud' and 'overstated its cybersecurity practices.'

The suit, filed Monday, also names SolarWinds' chief information security officer Tim Brown, and alleges that the company overstated its cybersecurity practices and understated known vulnerabilities in the company's systems. SolarWinds shares dropped 1.5% on Tuesday. 'We allege that, for years, SolarWinds and Brown ignored repeated red flags about SolarWinds' cyber risks, which were well known throughout the company,' SEC enforcement director Gurbir Grewal said in a press release. SolarWinds went public in 2018, and made only 'generic' disclosures about cybersecurity risk in both its prospectus and in continued filings, the complaint said. However, the SEC alleged that SolarWinds and Brown knew that the company's cybersecurity practices were weak, pointing to an internal presentation from Brown that was made the same month SolarWinds went public.

Use neutral language to describe the allegations against SolarWinds and its executives.

Unbalanced reporting

The article focuses more on the allegations made by the SEC and provides limited information about SolarWinds' perspective.

The SEC complaint cited numerous internal emails and messages that openly discussed alleged false statements made by the company, material risks in its cybersecurity systems, and products 'riddled' with vulnerabilities. It appears to be one of the first times the SEC has alleged a company misled and defrauded investors over cybersecurity risks. The attack was particularly severe because numerous government agencies relied on SolarWinds' 'crown jewel' Orion software. Orion is used to manage technology and I.T. systems. It was compromised by a Russian-aligned group codenamed Nobelium in 2019, a hack that remained undetected through most of 2020. The myriad vulnerabilities known by the company weren't acknowledged in the company's regulatory disclosures, the SEC alleged, and some directly led to the Russian-backed hack of Orion.

Provide more information about SolarWinds' perspective and any potential defenses or counterarguments.

Spread the Truth

Share Report!

- This is an EXPERIMENTAL DEMO version that is not intended to be used for any other purpose than to showcase the technology's potential. We are in the process of developing more sophisticated algorithms to significantly enhance the reliability and consistency of evaluations. Nevertheless, even in its current state, HonestyMeter frequently offers valuable insights that are challenging for humans to detect.