Victim: Brainvisa Technologies
Accused: Sameer Inamdar, Enthhuse Technologies, Pune
Loss estimated / claimed: Rs. 47 cr (US $ 9.5 m) as per reports in case study presentation and newspapers whereas The Learning Man site reports this at Rs 200 cr. The management did say that they still have to calculate the total tangible and opportunity loss.
Pune based elearning company Brainvisa lost a big chunk of business to a competitor. Unknown to them, they had been losing money for over 2 years which they realized recently sometime in late 2008 so the loss may be higher.
The weakest link is the insider and this was proven in this case too - one of their VPs left the company to start his own venture in the same e-learning space.
This person left Brainvisa to start Enthuse technologies and the company grew fast and quick. They used a lot of materials (designs, code, technology) which the founder (ex-employee of Brainvisa) carried with him. Of course, this person was a senior at Brainvisa and was privy to a lot of IPR in the form of concepts, source code, designs, learning programs etc. besides customer, sales and vendor information.
In addition to the theft of IPR, Brainvisa suffered due to the collusion of their employee with this company while in active employment. Their Marketing / Customer Accounts Manager, a lady who was based in USA would pass on leads and information to Enthuse while she was employed with Brainvisa !
The undoing of Enthuse came about when they started posting materials which were blatantly plagiarized versions of Brainvisa IP. That's when Brainvisa management realized that these guys had their assets and closer investigations led them to discover the nexus with the internal staff.
Finally, when they discovered the fraud, they reported the matter to the cops in Pune and a raid was carried out and the owner of Enthuse was arrested. A lot has happened and there have been a lot of changes at Brainvisa, since.
I was at an event in Pune where the Cyber Crime team and the Brainvisa management presented the facts of the case. They have brought in a lot of changes in their organization in terms of processes and procedures and I am sure these efforts will be good for the organization. The heartbreaking fact is that the incident has happened and caused loss and one can blame lax controls.
Takeaway: It is not just large corporations which are expected to implement Quality and Security standards like 6-Sigma, ISO 9001, 27001 etc. Mid sized and small companies must also look at implementing best practices - after all they are also in the business to make profits and they too have regulatory obligations. However such companies must ask hard questions about the value benefits they will derive from any implementation and must ask the implementing agency for assurance / guarantees for the same.
The reason is simple - every best practice brings ROI and if this it not visible in terms of increased efficiency and productivity then something is wrong. Simple - make sure your investment does not bring you a piece of paper to frame and hang on your wall because even if you do not take the certification you can still benefit from the implemntation.
I shall update this post if I get to know more about the progress in the case.
The Learned man!
Labels: cyber crime, employee collusion, india, insider threat, ip theft, security incidents