A cautionary tale: The Lazio case
Cyber-security is more important than ever before, as Serie A football club, Lazio, found out the hard way in March. After signing Dutch centre back Stefan de Vrij in 2014 from Feyenoord, Lazio agreed to pay his £6.8m fee in installments. Nothing seemed out of the ordinary when they received an email, including bank details, appearing to be from Feyenoord requesting the final payment of £1.75m, so they dutifully sent over the money. It wasn’t until later when Feyenoord hadn’t received the payment and, in fact, claimed to have no knowledge whatsoever of the email being sent, that alarm bells began to ring.
The money has since been traced to a Dutch bank account with no connection to Feyenoord at all. Somebody posing as the club with an official email signature had taken the money and run. Clearly this cyber attack, like most, was driven by the goal of monetary gain and so we can assume that it’s financial teams in organisations that are most at risk of being targeted. The most successful of these infiltration attempts are made by individuals hiding in plain sight, posing as legitimate and well established contacts and targeting more junior employees.
This is why it’s so important for organisations to be aware of these risks and to encourage a culture of education and communication that brings different teams together. An update in company culture and structure such as this needs to be instigated from the top. The Lazio case highlights the fact that financial directors and CFOs need to advocate a proactive discussion about cyber-security across finance and IT departments.
New technologies should also be embraced to help where possible. User and entity behaviour analytics (UEBA) is one example which captures user and login data to build up a profile of usual behaviour. This makes it much easier to recognise an irregularity or data breach, such as an external party getting hold of an employee’s login details.
Ultimately, human error will continue to be a factor so employees need to be made aware of just how easily simple mistakes can be made and what those errors can lead to. Some incidents will remain inevitable but the focus should be on learning and development rather than blame and punishment if companies and individuals are to move forward to a more protected and efficient environment.
Subscribe to our newsletterPlease note that the information and opinions contained in this article are not intended to be comprehensive, nor to provide legal advice. No responsibility for its accuracy or correctness is assumed by Pearson Solicitors and Financial Advisers Ltd or any of its members or employees. Professional legal advice should be obtained before taking, or refraining from taking, any action as a result of this article.
This blog was posted some time ago and its contents may now be out of date. For the latest legal position relating to these issues, get in touch with the author - or make an enquiry now.