TJX and Heartland hacker sentence strong deterrent says CTO of Imperva   London, 26th March 2010 - Albert Gonzalez the hacker who masterminded the breaches at TJX where 11.2 million payment card details alone were stolen has been sentenced to 20 years in jail for the part he played in organizing one of the largest theft of payment card numbers in history. Gonzalez will be sentenced for his involvement in breaches at Heartland Payment Systems today, Heartland Payment Systems was the largest data breach worldwide in 2009 with 130 million payment card details stolen.   Amichai Shulman, CTO of Imperva said, “The lesson to draw from today’s sentencing is simple: enterprises are fighting today’s cyber war with yesterday’s technology. Hackers continue to put up a persistent and very real threat to enterprise systems.

 London, 24th March 2010 - On April 6, the ballgame for data security in the UK changes because, as from that date, the Information Commissioners' Office (ICO) has the power to fine organisations up to 500,000 pounds - up from 5,000 pounds previously - for serious data leaks or losses.

According to Amichai Shulman, chief technology officer with data security specialist Imperva, the critical element in this regard is clearly stated in the ICO's guidance on the new penalties (http://bit.ly/5byF1f) for breaking the provisions of the Data Protection Act (DPA).

 The guidance states that penalties will be incurred where the "data controller has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress."

"The crucial wording in the guidance notes is that `the data controller must have known - or ought to have known - that there was a risk that a contravention would occur and ought to have known that there was a risk that a contravention would occur'," said Shulman.

London, 23rd March 2010: Research conducted across Europe, the Middle East and Africa (EMEA) by ISACA, a non-profit association of 86,000 global information technology professionals, has found that a quarter of enterprises that already use cloud computing believe that the risks outweigh the benefits (a fifth in the UK), yet still carry on regardless. This perhaps recognises the relative immaturity of cloud computing usage and the uncertainty of the balance between risk and reward.  Of the more than 1,500 professionals sampled across more than 50 EMEA countries, 33% already use cloud computing (40% in the UK);

According to ISACA’s survey, the IT Risk/Reward Barometer, EMEA, with regard to future use of cloud computing:

•             9.4% of respondents (8.9% in the UK) plan to use cloud computing for mission-critical IT services;

•             8.8 % (9.6% UK) will only use the cloud for low-risk, non-mission-critical IT services;

Imperva says social networking sites need to take more responsibility on user security issues   London, 18th March 2010 - Responding to reports that Microsoft, Facebook and Twitter seniors are blaming weak passwords for the ongoing security problems of social networking sites, Imperva says that social networking sites need to take more responsibility for steering users in the direction of stronger passwords.   The comments by the panel of experts at the South by South Interactive event fail to take in account that people can - and frequently do - choose bad passwords, says Amichai Shulman, chief technology officer with the data security specialist.   "Coupled with the fact that users of these sites often don't use any IT security software and can be quite gullible at times, it's down to the operators of these sites to mandate the use of strong passwords," he said.   "Education as to the reasons why strong passwords are required is also useful, but far from essential.