WASHINGTON — The rash of attacks against Target and other top retailers is likely to be the leading edge of a wave of serious cyber crime, as hackers become increasingly skilled at breaching the nation's antiquated payment systems, experts say.
Traditional defenses such as installing antivirus software and monitoring accounts for unusual activity have offered little resistance against Eastern European criminal gangs whose programmers write malicious code aimed at specific companies or buy inexpensive hacking kits online. Armed with such tools, criminals can check for system weaknesses in wireless networks, computer servers or stores' card readers.
Nearly two dozen companies have been hacked in cases similar to the Target breach and more almost certainly will fall victim in the months ahead, the FBI recently warned retailers, according to an official who spoke on condition of anonymity because the official was not authorized to speak publicly. The names of all of the compromised firms have not been revealed, nor is it clear how many shoppers have had their credit card numbers and other personal data stolen.
Banks, retailers and policy makers have been slow to address the growing sophistication of cyber criminals. Only 11 percent of businesses have adopted industry-standard security measures, said a recent report by Verizon Business Solutions, and outside experts say even these "best practices" fall short of what's needed to defeat aggressive hackers lured by the prospect of a multimillion-dollar heist.
"You're going to see more and more people trying this," said Nicolas Christin, a security researcher at Carnegie Mellon University. "If you just saw your neighbor win the lottery, even if you weren't interested in the lottery before, you may go out and buy a ticket."
Cyber crime cost U.S. companies an average of $11.5 million in 2012, according to a study by the Ponemon Institute, up 26 percent compared with the previous year. The effect on consumers can last for years, as they are left vulnerable to bogus charges and potential identity theft.
Experts say that reversing the rise in major data breaches would require expensive upgrades, including the adoption of end-to-end encryption, the walling-off of the most sensitive data on separate networks, and the adoption of newer credit card technology that holds customer information on an embedded chip rather than the familiar black magnetic strip now on most American cards.
Hackers lifted 40 million debit and credit card numbers from Target customers during the holiday season. The company later said thieves also grabbed personal information, including names, home addresses and telephone numbers, of an additional 70 million customers. Other companies, including Michael's and Neiman Marcus, have since reported breaches.