Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches.

At a recent Educause/Internet2 conference for computer security professionals, federal and private-sector officials discussed the evolution of cyber criminals and the latest group of security threats. Their goal was twofold: to share strategies for protecting campus information, and to press upon school leaders the importance of educating a new generation of cyber defenders.

"A big shift is occurring: Hackers are becoming thieves, and everything from intellectual property to identities are being stolen in record numbers," said Brian Foster, vice president of product management for Symantec Corp.

As conference attendees--who ranged from those in suits sporting security badges to internet junkies with ripped jeans and various equipment bags--laughed and got to know each other over waffles and grapefruit, the mood suddenly sobered as Gregory Garcia, assistant secretary of cyber security and communications for the Department of Homeland Security (DHS), took the podium.

"Threats are becoming more sophisticated and are occurring on a global level," said Garcia. According to DHS statistics, more than 1 million malicious codes have been written, an increase of 500 percent since last year. On any given day, 40 percent of those codes are "botnets"--a collection of software robots, or bots, that run autonomously and on groups of "zombie" computers controlled remotely.

In fact, according to these same statistics, more malicious code is written than regular code--and more than 80 percent of organizations affected by botnets are not aware they've been compromised.

However, "phishing" is still the most common cyber threat, with more than half of all scams masquerading as government web sites.

PrivacyRights.org, a web site that tracks the number of records containing sensitive personal information that are involved in security breaches, notes that since January 5 nearly 227 million records have been breached.

"Cyber criminality is shifting from fame-motivated hackers to financially motivated thieves," said Foster. "Hackers were highly visible, indiscriminate, and had only a few named variants. Today's cyber thieves are silent, highly targeted, and have overwhelming variants."

Foster said companies and organizations today send more than 70 percent of their intellectual property through eMail, which is risky, considering that 40 percent of all malicious code trends deal with the sharing of executable files and 32 percent with eMail file attachments. Stolen information is then sold through online black markets to the highest bidder.

"The education sector accounts for the majority of data leakages with 24 percent of all breaches, followed closely by the government," revealed Foster. "And unfortunately, theft and loss are still the [top] reasons that data leakages occur."