Recently, thousands of employees at the Iowa racing and gamingcommission had records with their names, birth dates and socialsecurity numbers compromised when a hacker broke into thecommission's server.

According to early reports, the breach was caused by changes inconfiguration. Michael Maloof, chief technology officer at TriGeoNetwork Security, said that this is the most common way hackers getinto systems to steal secure information.

Phil Neray, vice president of security strategy at Guardium,said that criminals now have automated tools that allow them tosearch for vulnerable Web sites. Maloof added that over the lastsix to 18 months the trend has been to target smaller companies andinstitutions.

“We're all under attack, but if you have a weakness, it will beexploited,” Maloof said.

Maloof said that the best ways to prevent a breach like the onein Iowa from happening at a credit union is to document all changesmake to the system and to make sure a monitoring system is inplace.

“Even the most sophisticated systems make mistakes, so it comesdown to monitoring. It's not if but when you are attacked, and howfast you can detect it and respond.”

Neray said for smaller institutions, like credit unions, thatmay not have the manpower to dedicate to detailed monitoring thantechnology is the answer.

“Technology can automate the monitoring processes and analysisso it reduces the need for more people and also address compliancechallenges. Having someone manually assembles compliance reports isa huge burden and technology can streamline that.”

Neray cited a recent breach a regional bank in Texas werecriminals made transfers to accounts in Europe.

“You need to go beyond the traditional firewalls. A larger bankhas controls in place that would prevent those types oftransactions from happening.”

–[email protected]