Hackers' new strategy is to steal identifying information
Instead of trying to crash corporate, government and university computers, hackers are focusing on stealing personal information such as your Social Security or credit card numbers from them, a new survey says.
Figures from the Computer Security Institute, an organization of information-security professionals, and the FBI show that more computer systems are better prepared to identify and fend off computer attacks. Yet the report also concludes that profit-minded hackers are targeting enterprises with large customer and employee databases.
"The crooks are shifting their focus" to stealing the personal information of individuals, says Robert Richardson, Computer Security Institute's editorial director. "That's where the money is."
Last year, U.S. enterprises lost, on average per respondent, $203,606 to 13 forms of cyber attacks, down from $526,010 in 2003, according to the survey of 700 businesses, government agencies and universities. But hackers are pinching proprietary data with greater frequency by exploiting holes in Web sites and applications, and through phishing, says Erik Caso, vice president of business development at NT Objectives, a computer-security company.
In those types of breaches, respondents who said they were victims of unauthorized access to information reported, on average, about $300,000 in losses last year. That's up from about $50,000 in 2003, the survey says.
