Governance & Risk Management , Risk Assessments , Video

SolarWinds Ruling: Why CISOs Need to be Aware of Fraud

Industry Experts Warn of Reckless Market Statements Potentially Constituting Fraud
Paul Dunlop, COO, Fraud Doctor, and Steven Hindle, founder, Achilles Shield

The U.S. Securities and Exchange Commission in late October charged SolarWinds and its CISO with fraud and internal control failures.. Without the correct understanding of fraud, organizations and CISO who recklessly make incomplete and misleading statements to the market, whether to sell products or preserve stock prices, are not realizing they have created the potential for regulatory action and criminal enforcement for fraud, said Paul Dunlop, COO at Fraud Doctor, and Steve Hindle, CISO and founder of Achilles Shield (see: SEC Alleges SolarWinds, CISO Tim Brown Defrauded Investors).

See Also: A CISO's Guide to Communicating Risk

Companies should not think that the SEC is out to get them, said Dunlop. "The SEC is not out to pick on these professionals trying to do a difficult job in a difficult space, but they carry a real standard for getting it right. There is a level of accountability," he said. "I don't think anybody is picking up on any one person. The regulator is trying to address too much risk in the market."

CISOs in particular, said Hindle, must acclimate to new expectations of transparency. "We look at things through a lens of: 'What are we telling our internal stakeholders? What are we telling our people?' And then: 'What are we outwardly talking about? How are we outwardly positioning risk?' Most mature CISOs will create a risk register. They will do a business impact analysis to examine the risk to the company. That's just maturity in risk management," he said. "But then you can't say in your public statements and filings: 'We are not impacted by these risks.'"

In a video interview with Information Security Media Group, Dunlop and Hindle discussed:

  • Why companies do not talk about this type of fraud;
  • How CISOs can be more aware of occupational fraud;
  • A case study on how businesses have handled occupational fraud.

Dunlop joined Fraud Doctor in 2018. He has over two decades of in-house industry experience in designing and leading fraud and related risk management programs across the global banking and insurance industries.

Hindle is a tenured CISO, board member, and the founder of Achilles Shield, a global cybersecurity consulting and advisory organization that specializes in building lean programs. He leads organizations through complex change and delivers crisis response in globally disrupting events, including cyberattacks, breaches, civil unrest, and natural or man-made disasters.

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.