Hackers never rest, which exposes enterprises to constant cybersecurity threats. But FireEye's (MNDT) announcement last week was particular. The cybersecurity specialist revealed it was hacked, which doesn't bode well for its activities that consist of protecting customers from such events.
So should shareholders worry about the consequences for FireEye's business?
A serious attack
The company is still investigating the attack, but the available information indicates hackers penetrated its internal systems to steal some of its red team tools. FireEye leverages these tools to simulate hackers' activities and detect weaknesses in its customers' computing infrastructures.
CEO Kevin Mandia said in an SEC filing that the hackers' sophisticated techniques led the company to believe it was a state-sponsored attack that "primarily sought information related to certain government customers." The company is cooperating with the Federal Bureau of Investigation and Microsoft, among other partners, to investigate the whole implications of that event. But the fact that a hostile actor could steal the internal tools of a cybersecurity specialist such as FireEye indicates the hack seems serious, no matter the extra conclusions of the ongoing investigations.
During a conference call about global technology, media, and telecommunications that took place a few days after the incident was revealed, Mandia indicated he thinks the impact will be minimal. Yet the company will be facing multiple types of consequences.
FireEye won't be able to provide some of its services until it replaces its stolen tools, which could lead to disappointing short-term results. For instance, its professional services, which include incident response and other strategic security consulting services, represented 23% of the total revenue of $238 million during the most recent quarter, up from 20% in the prior-year period.
In addition, until more details become available, some customers may be postponing activities with FireEye's consultancy and various other businesses to avoid unknown exposure to potentially compromised extra hardware or software.
More importantly, FireEye is facing the risk of having its credibility damaged over the long term. Indeed, the hack could challenge management's previous statements about the superiority of the company's solutions compared to other cybersecurity specialists.
For instance, Mandia highlighted during the fiscal fourth-quarter earnings call in February, "I receive calls from customers telling me how our red team's exposed critical gaps in their security, gaps that had been missed multiple times by other cyber consulting organizations." He also insisted during the most recent earnings call in October, "Products leverage our frontline knowledge to provide what I believe is the best layer of detection and security and we are focused on maintaining this position."
FireEye will most likely recover from this incident over the long term -- as many other tech companies have done in the past. For instance, the cybersecurity specialist RSA Security faced a serious hack in 2011. In 2020, the research outfit Gartner positioned RSA Security as a leader in its "magic quadrant" for IT risk management based on its completeness of vision and ability to execute.
Granted, FireEye may need to deploy extra efforts to communicate with its customers and reinstate long-term confidence in its hardware, software, and consultancy businesses. But if the ongoing investigations exclude poor cybersecurity practices from FireEye, the reputational damage will stay limited.
Thus, shareholders should not alter their investment thesis in FireEye stock based on the recent hack: Beyond that short-term challenge, the company will still be transitioning away from its legacy on-premises hardware business to a cloud and managed services portfolio to fuel its growth. As a sign of confidence, the previously announced strategic $400 million investment led by investment outfit The Blackstone Group in the tech stock was closed a couple of days after the incident was revealed.
In any case, shareholders should pay close attention to FireEye's upcoming communications about the attack. Any indication of poor cybersecurity practices should involve extra reputational and financial damages, but given management's estimated high sophistication of the attack and taking into account the confirmed strategic investment, serious damage remains unlikely.