Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Practice Consulting Case

130 views

Published on

Help 404 Society overcome their business problems. This presentation includes the introduction prompt and a step-by-step method to solve the case.

Published in: Education
  • Be the first to comment

  • Be the first to like this

Practice Consulting Case

  1. 1. Practice Consulting Case: Society 404 By Waina Landauro, IESE MBA
  2. 2. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 2 IESE Consulting Club Case: Cybercrime Syndicate (1/7) ● Interviewee led (primarily) ● Revenue increase ● Cybersecurity industry Case Prompt 404 Society, a cybercrime underground organisation, makes money from hacking companies. It either extorts money from blocking access to computer systems (ransomwares) or sells its service for corporate espionage. The leader has come to you to help him grow his business. There are lots of hacking products and targets available and the group is confused about which sector to focus on and which products to use to grow the revenues of the business. Clarifying Answers ● The company focused on the Industry sector as their IT systems are usually less protected and is an easier target ● Ransomware extortion cost $50k to develop and can be used for 3 months. Every successful attack brings $10k to 404 ● Corporate espionage costs $100k of development each time but brings back $350k to 404. ● 404 usually pays a 40% commission fee to its agents who successfully performs the attacks ● The market is huge, so competition does not really matter ● 404 Society finds its clients through Dark Web Marketplaces and is paid in cryptocurrencies (Monero) ● The ransomwares have a life cycle. After a while, they become useless and need to be replaced by another updated tool. ● 404 society performed 120 Ransomware attacks and 50 corporate espionage last year all in the industry sector. ● 404 society has the same capacity for numbers of attacks from year to year.
  3. 3. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 3 IESE Consulting Club Case: Cybercrime Syndicate (2/7) Interviewer Guide This is a case that the candidate will need to lead with the use of questioning. The goal of the case is to determine the best product-market fit to boost the revenues of the company. Guide the candidate with answering clarifying questions. The ideal candidates will understand that they need to calculate the revenues of 404 Society First. After being shown exhibit #1, a strong candidate will quickly interpret the cost structure table. The best candidates will include the agent’s salaries and understand the lifecycle cost without being prompted. The best candidates will also quickly compare the current total costs of the company and the costs of investing in Banking attacks. Banking attacks are not possible because they require much more capital. An excellent candidate will realise at question #3 that Espionage is much more profitable than ransomware attacks. Thus the new hires should be placed in the espionage department. An outstanding candidate will see that there is no point on wasting resources on ransomware and will propose to shut it down to only focus only on Espionage. Finally, an outstanding candidate will mention cryptocurrencies and legal aspects of the business as being major risks and will offer creative solutions to mitigate those risks. Timeline 1) Calculate the current revenues of 404 Society 2) Using prompt #1 and Exhibit #1, calculate the margins with Ransomware and Corporate Espionage 3) Make a recommendation on which industry and which product to focus on 4) Using prompt #2 and Exhibit #2, calculate the revenue per agent and make a recommendation 5) Make qualitative suggestions
  4. 4. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 4 IESE Consulting Club Case: Cybercrime Syndicate (3/7) Question #1 What is the current profit of 404 Society? Solution #1 ● Total Costs = 4*50 + 50*(100) = 200 + 5000 = 5200 ● Total revenues = (120*10) + (50*350) = 18700 ● Profit = (120*10)-(4*50) + 50*(350-100) = 13500 → 40% of salaries → 13500*0.6= 8100
  5. 5. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 5 IESE Consulting Club Case: Cybercrime Syndicate (4/7) Question #2 Which industry and which Ransomware should 404 Society focus on to increase their profitability? How much more profit can 404 society increase with your recommendation? (show Exhibit 1) Solution #2 ● Margins from Corporate Espionage ○ Banking = 2*6000 - 20000 = €8M ○ IT = 3*3000 - 6000 = €-3M ○ Industry = 350 - 100 = €250k ○ Energy = 300 - 150/(0.7) = €85k ○ Retail = 50 - 100 = €50k Industry is the most profitable sector for corporate espionage Solution is not Banking. Even though it is the most profitable option, 404 society only invests 5M in development, not enough for the banking option. (Which requires 12M) ● Margins from Ransomware: ○ COVID-19 = (120*10) - 4*50 = (120*10) - 200 = 1000 ○ COVID-20 = (120*10) - 2*120 = (120*10) - 240 = 960 ○ COVID-21 = (120*10) - 6*30 = (120*10) - 180 = 1020 COVID 21 is the most profitable Ransomware
  6. 6. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 6 IESE Consulting Club Case: Cybercrime Syndicate (5/7) Question #3 404 Society is looking to hire 3 more agents. In which department should the company hire those 3 agents? (Show exhibit 2) Solution #3 ● Profit per Agent: Ransomware ○ 120/3 = 40 attacks per agent ○ Cost per Attack = 4*50k / 120 = 1,667k ○ Profit per Attack = 10k - 1.66k = 8.33k ○ Profit per agent = 40*(8.33)= $333k ● Profit per Agent: Espionage ○ 50/10 = 5 attacks per agent ○ Profit per Agent = 5*(350-100) = 5*250= $1250k Espionage is much more profitable than Ransomware attacks. The new recruits should be hired in the Espionage department. The ideal candidate will identify an opportunity to close the ransomware department and transfer all the agents to Espionage
  7. 7. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 7 IESE Consulting Club Case: Cybercrime Syndicate (6/7) Question #4 How else could 404 Society grow revenues? What risks are there to the sustainability of the business? Solution #4 This is the qualitative part of the case, the candidate is supposed to reflect on creative ways to improve revenues. Reflections can include the following: ● Recruit more agents to perform more attacks ● Negotiate better commission (less than 40%) ● Improve the efficiency of development (reduce costs) ● Offer more efficient money laundering scheme (cryptocurrencies are volatile) ● Speculate on crypto-currencies and/or mine them ● Find other revenue channels (ethical hacking, security consulting, government services, spam, credit card theft, identify theft, etc…) ● Contingency plan if getting caught
  8. 8. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 8 IESE Consulting Club Case: Cybercrime Syndicate (7/7) Exhibit #1 CORPORATE ESPIONAGE Industry Revenue per attack (k€) Cost per Attack (k€) Success Rate Banking 20000 6000 50% Tech/IT 6000 3000 33% Industry 350 100 100% Energy 300 150 70% Retail 100 50 100% RANSOMWARE Name LifeCycle Revenue per attack (k€) Cost of Dev (k€) Success Rate COVID-19 3 months 10 50 100% COVID-20 6 months 10 120 100% COVID-21 2 months 10 30 100% Exhibit #2 COMPANY ORGANISATION Department # of AGENTS # of Attacks per year RANSOMWARE 3 120 ESPIONAGE 10 50 Cost Structure of 404 Society Current Organisational Structure

×