The company blasted the agency for “overreach” and said the enforcement action “should alarm all public companies and cybersecurity professionals across the country.”