Caute_cautim
Community Champion

SEC vs. SolarWinds is Cybersecurity's ENRON Moment

Hi All

 

Cybersecurity, it appears, just transitioned from wizardry to accounting, and the transition will be messy.

 

https://danielmiessler.com/p/sec-vs-solarwinds-cybersecuritys-enron-moment

 

What do you think?

 

Regards

 

Caute_Cautim

2 Replies
Early_Adopter
Community Champion

“…the fabulously beautiful planet Bethselamin is now so worried about the cumulative erosion by ten billion visiting tourists a year that any net imbalance between the amount you eat and the amount you excrete whilst on the planet is surgically removed from your bodyweight when you leave - every time you go to the lavatory there, it is vitally important to get a receipt…” - Douglas Adams

 

“Provide Legal Exculpation And Sign Everything” (P.L.E.A.S.E.) - Barnabus Stinson

 

You become what you pretend to be, and accept anything you willingly walk by… so yes, you better have a lot of accountability.

JoePete
Advocate I

The underlying premise of the article, that security is moving in the direction of accounting, I think is insightful. Having been around a few different corporate blocks, I've come across a couple of financial catastrophes, all of which had a nice tidy letter of compliance from their auditors. Of course, if you dig into those audits, especially the comments between the auditors and management, then you can get to the real meat that gets stripped away for the final report. I do think it is a fair parallel to where we are with security. A lot like an audit, security is often treated as a side-show nuisance. We may have employees or consultants raising red flags, but by the time they get to a board-level report, those flags have changed from red to white, where the knowledgeable professionals surrender, often with an "above my pay grade" sigh.

 

Ultimately, the market drives corporate action, though. In the case of SolarWinds, for example, investors have seemed skittish. Perhaps that reflects the cloud of the SEC investigation. However, Equifax has more than recouped any value it may have lost related to its 2017 breach, which at most seems a blip on its record. Microsoft's blunders regarding its key security and other vulnerabilities seem to have no impact on its stock. We can run on down the line, and it's hard to find a correlation between security incidents and stock price. Perhaps the hidden message is that, like the accounting industry, we in the security industry don't do a good job connecting our metrics to human impact.