Cyberpreneur's Wake-Up Call

For exclusive use at Management Development Institute - Gurgaon, 2014
W13439
CYBERPRENEUR’S WAKE-UP CALL: CYBER SECURITY AND

MILLENNIAL TALENT CRISES
Nakul Gupta, Arjun Bhatnagar and Dr. Jyotsna Bhatnagar wrote this case solely to provide material for class discussion. The
authors do not intend to illustrate either effective or ineffective handling of a managerial situation. The authors may have disguised
certain names and other identifying information to protect confidentiality.
This publication may not be transmitted, photocopied, digitized or otherwise reproduced in any form or by any means without the
permission of the copyright holder. Reproduction of this material is not covered under authorization by any reproduction rights
organization. To order copies or request permission to reproduce materials, contact Ivey Publishing, Ivey Business School, Western
University, London, Ontario, Canada, N6G 0N1; (t) 519.661.3208; (e) cases@ivey.ca; www.iveycases.com.
Copyright © 2013, Richard Ivey School of Business Foundation Version: 2013-10-15
The morning of July 12, 2013, was like any other somnolent Friday morning in the up-and-coming city of
Jaipur. Neeraj Kumar was late for work but still managed to do justice to his daily routine of reading an e-
version of the daily newspaper, the Times of India. Kumar was the director of Percept Softech, the
Lakshyaa Technology Lab’s Jaipur franchise. Jaipur was a progressive city in the state of Rajasthan, in
India.
He swiped his fingers across his tablet computer’s screen, shifting quickly from one article to the next, as
he wanted to return to an item of news that had caught his eye 15 minutes before. The news was about
critical IT (information technology) infrastructure and cyber security. The digital copy of the newspaper
read,1
“The sophistication and complexity of the attacks increases the need for advanced anti-malware offerings
that appreciate the multiple attack points (web, network, device) used to infiltrate the endpoint and
minimize the resources needed to thwart these attacks and protect the asset (device and data).”
He made a print of the article and pinned it to his pin board (see Exhibit 1). He turned away, halted and
then looked back at the entire board. He could suddenly see the dots connect. He should have been
ecstatic, but instead found himself in a state of excited disarray. He wondered whether the dots were
connecting for better or for worse. Cyber-crime was on the rise. A pressing need of the changing times
was cyber security. Cyber security firms had a golden opportunity before them, from both the personal
and enterprise perspective. For customers, information was an indispensable lifeline, but there was an
ironic catch. Despite knowing all this, Kumar knew it would do little to promote his business. He had a
strange, tingling feeling of helplessness. His situation felt very similar to a mirage—the illusion pool that
a person can see in the deserts of Rajasthan—an opportunity so close, and yet so far.
The limitations on the promotion of his idea were not due to scarcity of resources, but they were due to
the very nature of the business. Functioning within the paradigm of ethical business practices and under
1
“45% companies fear attacks on IT infrastructure,” The Times of India, July 12, 2013,
http://articles.timesofindia.indiatimes.com/2013-07-12/pune/40535557_1_malware-kaspersky-lab-idc, accessed July 19,
2013.
This document is authorized for use only in Human Resources Information System / PGHR 2014 by Prof. Jyotsna Bhatnagar, at Management Development Institute - Gurgaon from December
2014 to March 2015.
Page 2 9B13E029
the umbrella of Lakshyaa — the parent company — there was only so much that Kumar could tell people
about what he did and how he did it, in order to secure critical IT infrastructure and enhance cyber safety.
This cap on business promotion extended its ripple effects beyond the marketing strategy of his company;
it affected the management of talent and human resources as well. The sensitive nature of the business
propositions of his company, Percept Softech, made it difficult to attract, recruit, train and retain new
talent in the domain of information security. With the ever increasing spread of information technology
and the rising awareness of the need for information security, particularly since the report of four big
cyber-crimes in India within a span of two months (see Exhibit 1), opportunities were knocking on
Kumar’s door, but his hands were tied. He wanted to grow, but he did not know how. He had options to
consider and decisions to make. In the midst of all of this, there was an inner voice that was making him
wonder, “Is it high time for me to start something that is 100 per cent mine? Should I break free from the
shackles of the giant2 and go solo? Should I find another partner in a related field of information security,
surveillance and e-espionage? Is it being in a second-tier city that is holding me back? Do I need to
relocate from Jaipur to New Delhi?” With these thoughts in his mind, he kept staring at his pin board.
Drumming his fingers and humming to himself, he knew he was getting trapped in his own labyrinth of
analysis. He knew he had to answer these questions and that the clock was ticking.
INFORMATION SECURITY — INDUSTRY BACKGROUND
Growing government and international regulations and increasing IT investment had pushed enterprises
and individuals to improve and to guarantee their information security. According to a recent report by
Gartner,3 “The worldwide security technology and services market is forecast to reach $67.2 billion in
2013, up 8.7 per cent from $61.8 billion in 2012, according to Gartner, Inc . . . . The market is expected to
grow to more than $86 billion in 2016.”
There were three major trends changing (and shaping) the landscape of the information security market in
early 2013 — advanced targeted attacks, big datasets and mobile security. Advanced targeted attacks
were making the contemporary information infrastructure more vulnerable to attacks. Government
infrastructures, corporate databases and personal computers were all targets of these advanced targeted
attacks. Gartner Research Director, Ruggero Contu, opined in 2013,4 “With security being one of the top
IT concern areas, the prospect of strong growth is assured. The increases in the complexity and volume of
targeted attacks, coupled with the necessity of companies to address regulatory or compliance-related
issues, continue to support healthy security market growth.”
Big datasets were increasingly being leveraged by enterprises to make smarter and faster decisions.5 Big
datasets demanded a custom perspective and a novel approach, and hence provided open opportunities for
both the attackers and the protectors. Internet penetration was on the rise in India. While this growth in
internet usage and penetration had opened new avenues for growth, it simultaneously had given rise to the
threat of cyber-crime among India’s cyber citizens. As stated in Pricewaterhouse Coopers’s report, “The
2
The word “giant” here refers to Appin Technology Lab.
3
“Gartner Says Worldwide Security Market to Grow 8.7 Percent in 2013,” Gartner, June 11, 2013,
www.gartner.com/newsroom/id/2512215, accessed July 20, 2013.
4
“Global security market to cross $67 billion by 2013,” The Economic Times, June 11, 2013,
http://articles.economictimes.indiatimes.com/2013-06-11/news/39899440_1_security-market-information-security-own-
device, accessed July 20, 2013.
5
Jim Hare, (IBM), “New Study Details How Real-World Enterprises Are Using Big Data,” October 17, 2012,
www.ibmbigdatahub.com/blog/new-study-details-how-real-world-enterprises-are-using-big-data, accessed July 20, 2013.
2014 to March 2015.
Page 3 9B13E029
State of Information Security Survey — India, 2013,”6 the information security market in India was
growing at the rate of 18 per cent per annum, with a size of US$202 million7 in 2012 and $240 million in
2013. The reasons behind the growth of the information security market in India, according to Gyaan
Analytics,8 were:
Increased penetration of IT services in Banking and Financial Services Industry (BFSI) and in the
operations of small and micro business enterprises, competition in the telecom market, hike in
government spending in IT infrastructure in public sector units, and the vulnerability of Indian IT
infrastructure to hackers, are some of the major factors that are contributing to the growth of the
IT security market in India.
LAKSHYAA TECHNOLOGY LAB
In 2013, the Lakshyaa Technology Lab was the world’s fourth largest critical infrastructure security
solutions company, offering, under one roof, a host of technology-based solutions to diverse segments of
the market, through the optimum use of technology.9 Lakshyaa had more than 110 regional sales and
support centers that catered to the information security needs of over 1,200 small and medium enterprises
in over 75 nations. Its support staff worked with the enterprises, helped them build awareness and carried
the responsibility for ensuring business continuity.
The Lakshyaa Technology Lab had a robust portfolio of solutions especially designed for unique critical
environments. These solutions ensured network and information transmission security, which was critical
to the seamless functioning of any business. Among other security measures, Lakshyaa’s specialists
designed personal firewalls and ensured authentication, authorization and centralized administration,
spam and web filtering, and antivirus and spyware protection. From preventative maintenance to
customized solutions, they provided tailored solutions according to the needs of clients. Not only this, but
Lakshyaa was also involved in training and executive education, to facilitate the nurture of information
security specialists. To augment its reach, the New Delhi-based Lakshyaa Technology Lab offered
franchise options to approved people who wanted to collaborate with Lakshyaa and to run successful
information security businesses.10
THE PROTAGNIST AND THE FRANCHISE
Kumar had been director of Percept Softech, a franchise of Lakshyaa Technology Lab in Jaipur, since
2010. Prior to setting up Percept Softech, Kumar had worked for HCL as a system implementer. After his
stint at HCL and just before opening the Lakshyaa franchise in Jaipur, he had worked as an entrepreneur
in the pharmaceutical sector, involved in the production and distribution of antibiotics, analgesics,
vitamins and many such products across cities in the state of Rajasthan.
In 2010, Kumar had sensed a paradigm shifting opportunity in the cyber security sector. To pursue it
further, he contacted Lakshyaa with the purpose of starting up a franchise of the Lakshyaa Tech Lab in
6
“India’s information security market to touch Rs 1,415 crore in 2013: PwC,” The Economic Times, December 9, 2012,
http://articles.economictimes.indiatimes.com/2012-12-09/news/35705487_1_information-security-security-breaches-
information-assets, accessed July 20, 2013.
7
All currencies are in US$ unless otherwise stated.
8
http://gyananalytics.com/Opportunities%20in%20Indian%20IT%20Security%20Market.pdf, accessed July 20, 2013.
9
www.appinonline.com/about-us.html, accessed July 20, 2013.
10
www.prweb.com/releases/2013/5/prweb10749919.htm, accessed July 20, 2013.
2014 to March 2015.
Page 4 9B13E029
Jaipur. He was interviewed by the franchise operations head at the Lakshyaa head office in New Delhi.
His passion and his experience with HCL allowed him to sail through the interview. Once given the green
light, he invested $15,200 into setting up the franchise, which included the cost of computer systems, a
set-up fee charged by Lakshyaa and the rent for the office building. He started the business with his main
promotion methods, including word-of-mouth marketing, free demonstrations and a few pro bono initial
projects. His clients were loyal to him, and they returned, bringing more clients.
The business offerings of Percept Softech encompassed three major dimensions: enterprise security
solutions, mobile and device security solutions and security assurance solutions and training. Enterprise
security solutions covered critical IT infrastructure security and the definition and compliance of
hardware and software security needs of enterprises in and around Jaipur. Mobile and device security
solutions included security solutions aimed at handheld devices, smart phones, tablets and W-Fi hotspots.
Security assurance solutions and training involved the auditing of IT infrastructure by internal and
external information security experts and the proposition and deployment of appropriate information
security solutions to assure the protection and privacy of sensitive data and infrastructure. The company’s
offerings sometimes even involved helping the local law enforcement agencies in spying and allied
activities, sometimes free of cost. Such opportunities left him with a deep sense of contentment and of
service to his city and his state.
ISSUES AND BOTTLENECKS
Done with the pin board, Kumar moved hurriedly towards his car so that he could reach his office on
time. While driving, he kept thinking and wondering about the matrix of crises and opportunities that the
news pinned on the board presented to him. This was becoming a complex chess game, one which he
wanted to win. Kumar had realized that the focus of the information security business had shifted from
merely protection and mitigation to becoming an enabler of the bottom line. But he was facing a plethora
of problems. The first and biggest problem was his marketing and business growth strategy, which was
not helping him much in the promotion of his business. A business faces recognition and acceptance
problems in the initial phase,11 but in Kumar’s case, the problem was a bit more convoluted. His clients
faced information security challenges, but until they became the victims of cyber-attacks or Internet fraud,
they were not ready to pay for cyber security consulting nor for solutions and training beyond the cost of
an antivirus. Had the problem been acceptance and diffusion of business propositions alone, Kumar
would have handled it efficiently. But on the contrary, the problem was multi-faceted.
The prospective clients of Percept Softech were, more often than not, unaware of the threat that cyber
criminals, hackers and malicious computer scripts posed. Apart from the market being restrictive and
unaware, there were serious bottlenecks to the avenues of promotion for his core business offerings as
well. This was due to the intrinsic nature of the core business offerings. Information security solutions,
spying, vulnerability checks, key logging and allied propositions were difficult to promote. In particular,
Kumar experienced ethical difficulties when he came to market his security assurance and vulnerability
check solutions. In product-specific innovation, demonstrations are relatively easy, but demonstrations of
service offerings could be tricky. When it came to showcasing to a client the expertise that he and
Lakshyaa could offer, he had limited options available. One was to map the vulnerabilities in the e-
infrastructure of the client by accessing the client’s system in real time, before their eyes. But more often
than not, that antagonized the client. A second option was to show the prospective client the
vulnerabilities in somebody else’s e-infrastructure. But that would be both ethically and legally incorrect.
11
R.K. Kazanjian, “Relation of dominant problems to stages of growth in technology-based new ventures,” Academy of
Management Journal, 31(2), 1988, pp. 257–279, www.jstor.org/stable/10.2307/256548, accessed July 20, 2013.
2014 to March 2015.
Page 5 9B13E029
However, without demonstrating what he and Lakshyaa could do to protect the client from cyber-attacks,
it was becoming increasingly difficult for Kumar to make a profit. To make his situation still more
difficult, sometimes he had to deal with clients who would ask him to spy on their own families. He knew
he had to be very tactful in the dispersion of sensitive or hurtful information that could damage
relationships and potentially discredit his own business. But this was just one of the problems that Kumar
faced.
Managing young millennial talent was another big problem for him. They saw his franchise as a stepping
stone rather than as a destination job. Firstly, attracting and acquiring technically skilled, potentially
talented people with appropriate managerial competence was difficult in the small city of Jaipur. People
there had limited knowledge and acceptance of information security solutions. Even if he did manage to
recruit talent, the apprentices and students would not remain long in his entrepreneurial set-up, Percept
Softech. He constantly had to search for a pipeline of young recruits who had high potential as IT
professionals but who were still learning the ropes in the booming Indian software industry, in the hope
that someone with the necessary managerial competence and technical skills would stay with Percept
Softech. As an entrepreneur and a mentor, he would train them, treat them well, and offer remuneration
that was commensurate with their skills. Many would visit his home, and they would enjoy the lunches
and dinners that Kumar and his family would offer. Employees at Percept Softech were treated as family.
Yet after a year or two, they would leave his employment and seek jobs at larger technology companies in
Jaipur or in New Delhi. According to the young recruits, these larger companies were able to provide
more competitive and sustainable income opportunities for them. Cyber security was an important
technical skill that the talented young person would acquire, only to fly thereafter towards greener
pastures. Kumar would once again be alone in his empty nest, scouting for talent. Kumar knew that cyber
security was the need of the hour. He was always hopeful that the situation would change and that he
would someday nurture a chain of young IT professionals knocking at Percept Softech’s door.
These were pressing times, in both global and Indian cyber security, and people were questioning the
American National Security Agency’s global e-surveillance techniques.12 The Indian government was
encouraging information security initiatives and was preparing to set up a cyber-security framework.13
Kumar felt bogged down by his problems and had started to consider what it would be like if he started a
fully owned business of his own. He believed that the time was really good for starting and expanding
information security businesses. Apart from his problems in relation to business growth, inefficiency in
promotion and talent issues, Kumar was now facing another dilemma: Should he start a new business,
away from the umbrella of the Lakshyaa Technology Lab? Should he perhaps partner with a detective
agency? Or should he relocate from Jaipur to a more central location (such as New Delhi), where people
would be more aware of the importance of cyber security, and students would be more interested in
pursuing cyber security training? Kumar reached his office, turned on his laptop, logged onto his
company’s server and started reviewing the daily tasks.
While he was doing this, his mind and heart14 were still distracted, wondering about the dilemmas he
faced and the opportunities and threats that came with those dilemmas. He realized that with these myriad
hopes and concerns running through his mind, he would not be able to concentrate on the tasks at hand.
So he closed the lid of his laptop, got up and went to the painting easel that stood at one end his office. He
took a deep breath, picked up his paintbrush and with slow, smooth strokes, started working on an oil
12
“How NSA hacks the whole world,” Frontline, July 12, 2013, www.frontline.in/cover-story/how-nsa-hacks-the-whole-
world/article4849218.ece, accessed July 20, 2013.
13
Ajai Shukla, “Govt rolls out cyber security framework,” Business Standard, www.business-standard.com/article/economy-
policy/govt-rolls-out-cyber-security-framework-113061300041_1.html, accessed July 20, 2013.
14
Neha Paliwal Sharma and Jyotsna Bhatnagar, “Sitara: Indian Management Style — Capturing Hearts and Minds,”
September 4, 2012, https://www.iveycases.com/ProductView.aspx?id=55640, accessed July 20, 2013.
2014 to March 2015.
Page 6 9B13E029
painting. Humming a Rajasthani folk song, he carefully filled in the colours to complete the profiles of
young Rajasthani men and women15 who appeared to be dancing to the sounds of drums, with camels in
the background of his painting. With the Rajasthani men and women dancing so gracefully to the rhythm
of the drums on the sandy terrains of his beloved Rajasthan, Kumar too entered a state of relaxed trance,
temporarily drawn away from the dilemmas he faced, yet cognizant of the fact that a plethora of decisions
awaited his attention.
15
www.youtube.com/watch?v=GpYlMgt9dkI, accessed July 21, 2013.
2014 to March 2015.
Page 7 9B13E029
EXHIBIT 1: HEADLINES PASTED ON THE NEWSPAPER PIN BOARD
India faced 2,152 phishing attacks in April: Report

Source: The Times of India, June 18, 2013, http://timesofindia.indiatimes.com/tech/tech-news/internet/India-faced-2152-
phishing-attacks-in-April-Report/articleshow_b2/20647740.cms?prtpage=1, accessed July 18, 2013.
Hackers steal Rs 13 lakh from Axis Bank accounts using cloned debit cards
Source: The Economic Times, Greek, June 15, 2013, http://articles.economictimes.indiatimes.com/2013-06-
15/news/39993148_1_debit-axis-bank-cards, accessed July 18, 2013.
10,000 Indians face phishing attacks daily: Kaspersky

Source: The Times of India, June 22, 2013, http://timesofindia.indiatimes.com/tech/tech-news/internet/10000-Indians-face-
phishing-attacks-daily-Kaspersky/articleshow/20711531.cms, accessed July 18, 2013.
45% companies fear attacks on IT infrastructure

Source: The Times of India, http://articles.timesofindia.indiatimes.com/2013-07-12/pune/40535557_1_malware-kaspersky-
lab-idc, accessed July 18, 2013.
2014 to March 2015.

Cyberpreneur's Wake-Up Call

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyberpreneur's Wake-Up Call

Uploaded by

Copyright:

Available Formats

For exclusive use at Management Development Institute - Gurgaon, 2014

CYBERPRENEUR’S WAKE-UP CALL: CYBER SECURITY AND

Copyright © 2013, Richard Ivey School of Business Foundation Version: 2013-10-15

INFORMATION SECURITY — INDUSTRY BACKGROUND

LAKSHYAA TECHNOLOGY LAB

THE PROTAGNIST AND THE FRANCHISE

ISSUES AND BOTTLENECKS

EXHIBIT 1: HEADLINES PASTED ON THE NEWSPAPER PIN BOARD

India faced 2,152 phishing attacks in April: Report

10,000 Indians face phishing attacks daily: Kaspersky

45% companies fear attacks on IT infrastructure

You might also like