The Internal Sentinel
Earlier this month, AT&T (NYSE: T) was hit by the largest fine ever levied by the Federal Communications Commission (FCC) for a data breach. Beginning in May 2014, the names and full or partial social security numbers of nearly 300,000 AT&T customers were stolen over the course of a 168-day data breach. The attack involved outside parties paying call center works to retrieve the data.
Even as the Feds were investigating the original attack, additional intrusions were detected. It’s believed that the stolen data was used to unlock stolen cellphones so that they could be sold on the secondary market.
The FCC hit AT&T with a $25 million fine for failing to keep customer’s data secure, plus AT&T will provide credit monitoring services to affected customers. It has also stopped using the third-party vendors which operated the compromised call centers, while beefing up security at others.
While it’s not clear what additional security measures AT&T has taken, it’s possible that the telecom is used a product from Varonis Systems (NSDQ: VRNS).
A relatively new company that went public a little over a year ago, our analysts at Smart Tech Investor added the company to their Next Wave Portfolio last November and are up by more than 17% on their position so far.
Varonis (NSDQ: VRNS) sells software which secures unstructured data which doesn’t necessarily fit into traditional data bases. Its programs can analyze who is accessing data and where, then decide who should be accessing it and how and restrict unauthorized usage. It’s actually a surprising common problem for companies of all sizes to allow their employees access more data than they actually need to do their jobs, compounding the risk of a breach.
While it’s not clear that Varonis’s products would have saved AT&T’s $25 million – regulators and the telecom haven’t released full details of the data stealing scheme for obvious reasons – studies have shown that a company’s works are often its worst enemies. Employees, former employees and vendors who have access to a company’s data are often behind cyber breaches, making it imperative know who has access to data and then employ proper controls.
Revenue at Varonis rose 36% last year, to $101.3 million, and it added 363 new customers for a total of more than 3,300. Perhaps most importantly more than 90% of the company’s existing customers renew their maintenance contracts, providing the company with an ongoing base of revenue.
Revenue from existing customers has also been growing fairly rapidly, as the company gets its foot in the door by selling one or two products, then upselling as the customer comes to appreciate the value Varonis offers. And with the average customer spending just $60,000 with Varonis initially, there’s plenty of room for growth since that’s just a drop in the bucket of a major companies IT budget.
But the company is growing so quickly, only about a third of its fourth quarter revenue was from existing contracts. With that kind of growth, annual revenues will ramp up quickly with 2015 sales expected to up by more than 30%.
That growth is a clear signal that business are getting the message that data security is important, so Varonis should win a bigger share of its $8 billion addressable market. With companies collecting trillions of pieces of data each day about consumers around the world, data security is important to protecting consumer’s identities, but also to protecting a company’s competitive edge.
With the FCC hitting AT&T with the largest data security fine in history, the regulator is obviously getting serious about protecting consumers’ identities. And fines are only expected to grow from here. Tailoring your marketing pitch to individual consumers, a pipedream just a decade ago but a reality in a world in which we live online, is increasingly become key to outselling your rivals. That’s one of the main reasons why marketers have been collecting so much data in the first place.
While our analysts at Smart Tech Investor are paying a lot of attention to the data security theme, you’ll also find companies that gather all that data, others that make the products that store and still more that actually collect it.