The money has since been traced to a Dutch bank account with no connection to Feyenoord at all. Somebody posing as the club with an official email signature had taken the money and run. Clearly this cyber attack, like most, was driven by the goal of monetary gain and so we can assume that it’s financial teams in organisations that are most at risk of being targeted. The most successful of these infiltration attempts are made by individuals hiding in plain sight, posing as legitimate and well established contacts and targeting more junior employees.
This is why it’s so important for organisations to be aware of these risks and to encourage a culture of education and communication that brings different teams together. An update in company culture and structure such as this needs to be instigated from the top. The Lazio case highlights the fact that financial directors and CFOs need to advocate a proactive discussion about cyber-security across finance and IT departments.
New technologies should also be embraced to help where possible. User and entity behaviour analytics (UEBA) is one example which captures user and login data to build up a profile of usual behaviour. This makes it much easier to recognise an irregularity or data breach, such as an external party getting hold of an employee’s login details.
Ultimately, human error will continue to be a factor so employees need to be made aware of just how easily simple mistakes can be made and what those errors can lead to. Some incidents will remain inevitable but the focus should be on learning and development rather than blame and punishment if companies and individuals are to move forward to a more protected and efficient environment.Posted In : UK, Europe, Tips, Security