ID theft can cost businesses $10m a hit


ID theft can cost businesses $10m a hit

Tash Shifrin

Attacks on computer networks using stolen user IDs and passwords can cause up to $10m (£5.27m) damage a time, an analysis of criminal prosecutions has revealed.

The study of attacks on computer networks prosecuted by the US Justice Department between 1999 and 2006 found that most attacks used stolen IDs and passwords.

The financial damage caused to organisations hit by the network criminals averaged more than $1.5m for each occurrence, with losses in the worst cases going up to $10m.

But the attacks could have been prevented in 84% of cases if device identification and authentication had been used in addition to user ID and passwords, the research commissioned by Phoenix Technologies from analyst firm Trusted Strategies found.

In 88% of cases, attackers had logged onto one or more privileged user accounts, using IDs and passwords obtained through password cracking programs, collusion with company insiders and other methods.

The report says, “Network attacks could have been prevented in 84% of all cases if the organisation had implemented protections. In other words, only requiring user IDs and passwords for network access to high-value information assets should no longer be considered adequate network security.”


Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy