Cyber criminals are increasingly targeting small and medium-sized businesses that don't have the resources to keep updating their computer security, according to federal authorities.
Many of the attacks are being waged by organized cyber groups that are based abroad, and they are able to steal not only credit card numbers, but personal information — including Social Security numbers — of the card holders, said Michael Merritt, assistant director of the U.S. Secret Service's office of investigations.
Merritt, in testimony prepared for the Senate Homeland Security and Governmental Affairs, said that as larger companies have taken on more sophisticated computer network protections, cyber criminals have adapted and gone after the smaller businesses who do not have such high-level security.
Phil Reitinger, the deputy under secretary at the Department of Homeland Security said there are many simple steps that businesses can take to protect themselves.
"Securing the entrances of one's factory or store is second nature to any business owner and so cyber security protections must become," he said in his testimony to the panel. He added that a recent study suggested that as many as 87 percent of data breaches could be avoided by installing simple to intermediate preventative measures.
Reitinger and Merritt said government agencies are working to coordinate more both with each other and with the private sector to improve cyber security.
But lawmakers working on cyber security legislation in several committees across Capitol Hill are pressing for the administration to do more.
"Security cannot be achieved by the government alone," said Sen. Joseph I. Lieberman, I-Conn. and chairman of the homeland security panel. "Public-private partnership is essential. Together, business, government, law enforcement, and our foreign allies must partner to mitigate these attacks and bring these criminals to justice."