Skip to main content

(Veteran tech columnist Jon Markman publishes Strategic Advantage, a guide to investing in the great digital transformation of society. Click here for a two-week trial.)

As more of commerce and government move online, cybersecurity has become obligatory -- yet it has been hit and miss for investors.

Managers at SolarWinds Corp. ( (SWI) - Get SolarWinds Corp. Report) acknowledged Monday that hackers gained back door access to its network management software, exposing potentially 18,000 public and private sector clients.

Ironically the breach was discovered when FireEye ( (FEYE) - Get FireEye, Inc. Report), a major cybersecurity firm and SolarWinds client, discovered hackers had stolen customer threat assessment tools.

That’s definitely a miss.

It’s easy to be a cybersecurity defeatist. Bad actors have become more sophisticated. Often they are state sponsored. Russia, China, Iran and North Korea are all major players in the race infiltrate corporate suites, utility grid infrastructure and government agencies. And they are winning.

FireEye published on December 13 a detailed account of the SolarWinds attack. Hackers compromised its Orion platform in March 2020. The software is foundational to keeping networks up and running across the United States federal government and about 80% of the Fortune 500.

Cyberthieves installed malware called Sunburst inside Orion that disguised itself as part of the system code. They were also able to secure access to the digital signature certificate. So-called supply chain attacks of this nature are extremely difficult for anti-virus software to detect because the code looks like it’s certified by the host.

From there legit Orion software updates burrowed Sunburst inside client networks.

SolarWinds managers noted in a Dec. 14 Securities and Exchange filing that those updates may have reached 18,000 customers, including Microsoft Office 365 accounts. And Reuters reported the that the Department of Homeland Security, the U.S. Treasury and the Commerce Department have been breached.

This shows the problem of investing in cybersecurity companies.

Although the public and private sectors are spending a fortune trying to keep the bad guys out, they are still getting inside even the most secure networks. FireEye, a victim in the SolarWinds hack, is a leading cybersecurity partner to many of these networks. Understandably, shares are down 14.7% in 2020.

The good news is that not all parts of the sector are fraught with investment risk. Some segments are thriving as more companies adopt transformative digital strategies.

SailPoint Technologies ( (SAIL) - Get SailPoint Technologies Holdings, Inc. Report) makes business to business identity software. Its tools help enterprises authenticate users and grant the appropriate privileges. In the past this mostly involved determining what employees got what access. However digital transformation authentication involves granting access to contractors, supply chain associates and more recently software bots.

That last category, Robotic Process Automation is a big cybersecurity opportunity.

Gartner Group, a global information technology research firm, estimates that RPA will reach $2 billion in 2021, a 19.5% increase year-over-year. That’s an acceleration from 2020 when revenue growth shot up 12%.

The incentive is improving business productivity by automating millions of tedious tasks. When customers request a call back online, for example, they are using a RPA. Behind the scenes the bot is authenticating the user, filling out logs, accessing databases and sending out an email to survey the customer experience. All of these processes occur seamlessly within seconds.

These customer conveniences are cost efficient. Studies show RPAs can reduce costs by up to 65% while improving satisfaction.

The challenge for cybersecurity businesses is making sure bad actors are not coming between the bots and company databases.

While that task may not be as glamorous as keeping the homeland safe from Russian cyberattacks, there have been far fewer misses. The business strategy has been a big hit with enterprises and investors, too.

When the Austin, Texas-based firm reported third quarter financial results Nov. 5, strong digital growth powered sales to $94 million, up 36% from a year ago. For the full year managers boosted revenue expectations to approximately $356 million. For context, sales in 2015 reached only $95.4 million.

Shares broke to a new high Tuesday at $51.53, rising 118% in 2020. The stock trades 13x sales for a $4.5 billion market capitalization.

Growth investors should consider buying SailPoint shares into any near term weakness.