Security Controls | Breaking Cybersecurity News | The Hacker News

The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G. Brown, asked the court to voluntarily dismiss the case. The SEC said its decision to seek dismissal "does not necessarily reflect the Commission's position on any other case." SolarWinds and Brown were accused by the SEC in October 2023 of "fraud and internal control failures" and that the company defrauded investors by overstating its cybersecurity practices and understating or failing to disclose known risks. The agency also said both SolarWinds and Brown ignored "repeated red flags" and failed to adequately protect its assets, ultimately leading to the supply chain compromise that came to li...

61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that a security control installed or deployed is not necessarily a security control configured to defend against real-world threats. The recent Gartner® Report , Reduce Threat Exposure With Security Controls Optimization, addresses the gap between intention and outcome. We feel it discusses a hard truth: without continuous validation and tuning, security tools deliver a false sense of, well, security. In this article, we'll take a deep dive into why control effectiveness should be the new benchmark for cybersecurity success, and how organizations can make this shift. The Myth of Tool Coverage Buying more tools has long been considered the k...