Based on the progress that was made in 2015, There are a few great things that businesses could look forward to in the new year.

Here are what I consider the major technology trends to look at in 2016.

The Trends

The Internet of Things

I predicted that 2015 was going to be a growth year for the IoT, and, sure enough, it has been.

Cisco suggests that in ten years there are going to be over 50 Billion devices connected to the Internet and the entire market will be worth US$14 Trillion. That’s no small figure.

And more so the security and privacy concerns, with cars being hacked, and Barbie dolls possibly being able to leak private information.

I see no end to the hype, and I predict that this trend will continue. More and more “internet connected” devices will proliferate the market including wearables, along with more security concerns.

We may actually see some standards happening this year.

Virtual and Augmented Reality

Virtual reality is about creating and seeing virtual worlds. Augmented reality is about adding more information to the world that we live in.

And both is expected to take a pretty big leap this year.

While VR and AR have been around for decades (anyone remembers the movie, the Lawnmower Man?), with expected commercial releases this year of Facebook’s Oculus Rift and Microsoft’s HoloLens, there is a greater chance of these technologies going mainstream.

While Google Glass didn’t fare too well, I do think that the releases by Facebook and Microsoft will help move the technology along. Besides, Google took a step back and brought you Google Cardboard.

Artificial Intelligence

AI was a huge deal this year.

First Google open-sourced TensorFlow, the software engine that it uses for its deep learning services. Then later, a group that includes Elon Musk and Sam Altman unveiled a US$1 billion non-profit called OpenAI that will share all of its AI research to the world.

Of course, Google and OpenAI aren’t the only players in the game, and other players such as IBM’s Watson has been around for quite some time. But these developments open AI to everyone, and will help push development along.

AI has been a touchy subject. Stephen Hawking, Bill Gates, Elon Musk, and Steve Wozniak have all sounded alarms over the rise of AI, including AI in warfare. This is one of the reasons that Musk put money behind OpenAI to begin with.

AI along with advances in robotics will make automation easier by creating intelligent robots. It means that routine manual labour, including dangerous tasks, may soon be able to be performed by robots. This automation is causing concerns among some people. Oxford University researchers have estimated that 47 percent of U.S. jobs could be automated within the next two decades.

I, on the other hand, see huge potential for both business and society as a whole.

Trends that didn’t happen in 2015

Before we go, let’s take a look at my 2015 predictions that didn’t quite pan out, but I still think might do well this year.

Wider adoption of enterprise wireless networks

The adoption rate has been slow for the newer IEEE 802.11ac standard, albeit growing. The slow adoption has been blamed for either the lack of endpoints that support the standard, as well as the cost of the access points. However, growth is expected to pick up this year as more end-points are released that support the AC standard, and the access points become cheaper.

Software Defined Networking

SDN in the data centre didn’t happen as I expected. While development of an SDN standard still continues, the adoption of SDN has been slow.

Slow growth in the data centre can be attributed to lack of readiness in both the infrastructure and the people, the cost of implementation, the cost of related hardware and software, and a lack of perceived value of such systems.

One area where it has grown though is in the Software Defined WAN. Quite a few providers have solutions to help manage WAN traffic such as Cisco’s Intelligent WAN. Carriers have also invested heavily into SDN and Network Functions Virtualisation (NFV).

At this point, I still expect growth of SDN in the data centre, but it will be slow.

Greater IT security within organisations

Against my hopes, the rash of breaches in 2014 didn’t quite stem the breaches in 2015. In fact, there seemed to have many more high profile breaches. The Ashley Madison hack was probably the most famous, and apparently didn’t seem to stem the growth of users allegedly looking for extra-marital affairs.

But the most serious hack, in my opinion, is the VTech data breach, where 5 million customer accounts and kids’ user profiles were breached. Luckily, it appears as there was no ill-intent to the breach, however, it should make us wonder in this connected world, how great is the threat to our children.

I could only hope that 2016 would bring some sense to people to properly secure their data.

More?

Do you think there are any trends that I missed in my list? Or do you think I’m wrong about anything here?

Let me know in the comments section below.

I take this opportunity to wish you a happy and prosperous 2016. Be safe out there.

Original article: 3 technologies businesses should look out for in the new year'">Technology Trends for 2016 3 technologies businesses should look out for in the new year

©2025 Interxect Services Limited. All Rights Reserved.

Before you click away, let me tell you a story…

I went to a conference recently and got a few pens and a couple of Hershey’s chocolate minis. I put it in my pocket and went my merry way.

When I reached home, I pulled out the pens from my pocket only to find some brown stuff on one. My immediate thought was that it was the chocolate melted and leaked out onto the pen.

To test this theory, I licked it, and… let’s leave it at that for now.

I could have just smelt it, or not bother and wipe it off, but I chose to taste it instead.

I say this not to gross you out, but to say, that no matter how smart you may think you are, you do some really stupid things sometimes.

The same thing happens with emails with seductive subject lines. Or links that promises something good if you click it. Things that lead to only bad things for users, and your data.

You would think that incidents such as these would never happen?

After all, you’ve spent loads of time training users. You’ve handed out lots of information about being safe on-line. You’ve shared instances of breaches due to human error.

But they do.

We should know better. It should be an automatic feeling that clicking that link or opening that attachment is a bad idea.

But we do it anyway.

That is why I say that awareness training is part of an arsenal that you have to stave off malicious attacks. But there’s bound to be some human error sometime, and you have to be ready for that.

So you have to have proper and updated anti-virus and anti-malware software. You need to put in that next generation firewall protection on the corporate network, and more firewall protection on PCs. You must have properly functioning backup systems in place to protect your data.

Technology needs to get better. Law enforcement needs to be stronger.

You still need security awareness training, and if the human being was perfect, then awareness training may be all that was required to protect your data.

But we are not.

As for that brown stuff… it was chocolate. But what if it wasn’t?… EWWW!

Original article: Why we can't totally trust people with information security'">Stupid people and data security Why we can't totally trust people with information security

©2025 Interxect Services Limited. All Rights Reserved.

I recently was called in by a non-profit saying that there was an issue with their file server, and they suspected malicious intent by somebody on the inside.

After a short investigation, I found the issue was the CryptoLocker ransomware. The malware encrypted all the files in the servers, which were shared via mapped drives.

I explained that it was not sabotage by anyone, but an unfortunate mistake by one of their users.

There was little I could do as they took too long to seek help. The time to get the files decrypted had passed and they couldn’t pay the money. Their only option was to restore from backups.

What is Ransomware

Ransomware is malicious software that when executed proceeds to extort money from you in some way. Examples of ransomware include:

• Fake antivirus scanners that claim to have found malware on your PC and demands money from you to clean them up. If you don’t pay it annoys you with pop-ups or may even prevent you from using your PC.
• Fake alerts that claim that your machine has been locked by federal police for illicit content on your PC and says that you need to pay a fine.
• Encrypting ransomware is the worst of the bunch. It encrypts certain files like files in your documents folder and on mapped drives, and then demands payment to decrypt it. CryptoLocker demands a payment of anywhere from US$500 to US$1500 in Bitcoin to decrypt your files. The use of Bitcoin makes the transaction difficult to trace.

You can remove the first two types using tools from reputable anti-virus makers and pose little risk other than a headache.

Encrypting ransomware like CryptoLocker, however, is the most dangerous. It uses public/private key encryption, which makes decryption impossible without the private key.

The ransomware scourge is truly frightening and I saw firsthand the effect it can have. Larger organisations may have the technology to reduce the risk, but how can smaller organisation do that?

Several organisations, when faced with the CryptoLocker malware, paid the ransom. This cost less than it would to restore from backups, which can takes days, and cost thousands more in downtime and overtime costs.

All authorities say that you should not pay the ransom, even for the CryptoLocker malware.

I agree.

Paying the ransom money only encourages these criminal organisations to continue their enterprise. It also goes towards financing the development of even worse tools.

Protecting your Business

So how can organisations protect themselves from this risk?

1. Use anti-virus software as a preliminary defence. AV software offers some level of protection from known attacks. Heuristic detection for unknown attacks is also getting better. But AV may still be ineffective against new versions of ransomware software, otherwise called zero-day software.
2. Be cautious of email, even from known people, asking you to open files or run software to view something. Scrutinise grammar and salutations. For example, if someone you know consistently calls you John, but the email addresses you as Jonathon, or Mr Smith, that should raise red flags. As a default, you should not open any files unless you are expecting it, or you call the person first to verify that it is legit.
3. Change your operating system preferences to show the entire file name, including extensions. This will help you determine if a file is an executable. Executable files have .exe or .com extensions. Malicious files often come with names such as document.pdf.exe, or spreadsheet.xls.com with icons that show up as a pdf or excel file. If you “hide extensions of known types” then the files will show up as document.pdf or spreadsheet.xls, making it difficult to identify it as a malicious file.
4. Heed warnings of anti-virus software or operating systems whenever you try to open a file. With user access control (UAC) on Microsoft Windows enabled, users are prompted if they want to run a particular application. Or an AV firewall may ask if you want to allow a particular file or application to access the internet. If you didn’t intend to run a file or application, then click no.
5. Configure your firewalls and antivirus to block email attachments with executable files if it is able to. There should be no reason for executable files to be sent to you via email. If someone has to send you an executable file, let them use ftp or a Dropbox link or similar, and then call the person to find out if they intended to send you those files.
6. Train your users to recognise threats. I admit that this is becoming increasingly difficult to do. I’ve seen some examples of malicious sites that were hard to discover as such. And I’m a security expert, far less a chance for the typical computer user to figure that out. However, awareness training for users helps reduce risks of those sites that they can identify, so it’s still worth doing.
7. Avoid mapped drives. This is hard for some organisations, but many malicious applications (not just Crypto Locker) scans all local drives, and will see the mapped drive as a local drive. If mapped drives are not used, then they can’t be attacked. This is not to say that another version of CryptoLocker won’t be released that will scan the network and enumerate files, but for now, eliminating mapped drives can mitigate the risk.
8. Use the principle of least privilege. This means that users are given the privileges to only do what they are required to do, and no more. This involves the creation of “whitelists” of what applications they can run. So if they accidentally try to run a malware nothing will happen.

Beyond these steps, there is little else any organisation can do. It’s up to the authorities to take down these criminal organisations, which are often on the other side of the globe.

The internet can be a dangerous place, but you can safely use it for personal and business benefit once you take the proper precautions.

Be safe out there.

Original article: 8 things you can do to protect yourself'">Protect your business from Ransomware 8 things you can do to protect yourself

©2025 Interxect Services Limited. All Rights Reserved.

The Bleeding Heart Bug

The Heartbleed bug (CVE-2014-0160) was publicly disclosed on Monday and affects specific versions of the OpenSSL application. OpenSSL is a generally used open-source implementation of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Cryptographic method and is used on about 66% of all public websites. The bug has been present in the software since December 2011.

The bug is not a weakness in SSL/TLS itself, but rather is bug in OpenSSL implementation of it that can potentially allow attackers to access the unencrypted data stored within a server’s memory. With enough data, an attacker can find out your server encryptions keys, your passwords and any other information passed over the communication. The attackers can then use the compromised keys to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Who are vulnerable?

Because of the widespread adoption of the OpenSSL software and the ability to be attacked without leaving a trace, it means that we are all vulnerable because you can’t tell if your data has been compromised.

Not only websites are vulnerable, as many hardware and software vendors implement use OpenSSL in their products. Cisco and Juniper has listed advisories warning of the bug in their products.

What should you do?

All businesses, website owners and users of affected services should take action on this bug.

Step 1: Determine if any of your servers may be affected.

You can use the check script on Filippo Valsorda’s web site to check your public services.

Check with vendors if any of your internal services may be affected.

C|NET has a list of the top 100 sites around the web to determine if they have been patched or may be affected

Website owners with their sites on hosted services should check with their service provider if they have taken action on the bug and if they were ever vulnerable.

Step 2: Patch services for which you are able to patch yourself.

These include any owned servers or virtual servers that you use, or internal, private servers or devices.

Step 3: Re-Key your SSL Certificates

This involves regenerating and reinstalling the private keys on your servers. While the risk may be small, the fact that you will not know if your key was compromised, this is a recommended precautionary step.

Step 4: Change your passwords

It’s important that you change any passwords that you may have on any of the affected systems AFTER you have patched OpenSSL and re-keyed your certificates. Doing so before you performed the prior steps means that if your keys were compromised, an attacked would be able to discover your new passwords.

If you are a service user and don’t run any services yourself, find out from the provider if they were vulnerable and if they patched their services (or use the check script in Step 1).

Don’t Panic

While the bug is serious, it’s important to not panic. Keep a clear head and follow the steps.

For more information about the bug and to keep updated check out heartbleed.com.

Original article: Don't let it ruin your day'">The Heartbleed Bug: What is it and what to do about it Don't let it ruin your day

©2025 Interxect Services Limited. All Rights Reserved.

What does an MSSP do?

MSSPs provide a variety of services, such as:

• Security monitoring – monitoring of firewalls, intrusion detection/prevention systems (IDS/IPS), system logs, etc.
• Managed Spam Services – scanning of email for Spam and malicious content
• Managed Storage Services – services such as backup/restore, archiving for compliance purposes, or disaster recovery services.
• Threat Intelligent – aggregate warning system based on feedback from multiple end-users.
• Compliance auditing – auditing for compliance with government or other regulations
• Vulnerability assessments and Penetration testing – scanning and testing of systems for vulnerabilities
• Managed Network Services – monitoring of networks for performance and outage issues
• Identity and Access Management – services allowing authentication across heterogeneous systems, while maintaining compliance requirements

MSSPs are growing, and Gartner believes that the Managed Security Services (MSS) market will be worth US$2.1b in 2013, and projected to reach US$3.1b in 2013.

My concerns on IT Security Outsourcing

Firstly, let me mention my concerns about outsourcing the IT security function.

1. Accidental/Intentional leaking or theft of secret information by agents of the MSSP. This is my greatest concern, although it probably has the lowest chances of happening. Contrary to popular belief, few security professionals or agencies are willing to risk their reputations to steal or leak data, but it can happen (think of Edward Snowden). A MSSP may have access to a lot of systems and data, and does pose a risk. Capturing this risk can be difficult, as you can monitor for unauthorised access, but how do you monitor for access to data that the MSSP has to access to perform their duty?
2. The MSSP goes out of business. Don’t think that this can’t happen, because it has happened before, and it will happen again. What happens when your MSSP goes dark, do you have a contingency? Without the experience in-house, and the time it would take to find another MSSP, you will be placed in a very risky situation.
3. The MSSP fails to perform as expected. So you have a breach, and customer data is purloined, while your MSSP was supposed to be monitoring for intrusions. Who is held responsible? You can outsource your activities, but you can’t outsource your responsibilities; you are ultimately accountable for securing your systems.

Are there advantages?

There are several advantages of MSSP.

1. Lower cost. This is often the main advantage cited by enterprises for going with an MSSP, but, I warn you, should not be the only reason for outsourcing. Because of economies of scale, a MSSP can charge a fraction of what it would take to outfit your organisation – hardware, software and people – to provide the services provided by the MSSP.
2. Greater expertise. Because a MSSP may be specialised, they are more likely to have a higher calibre of security professional within their team. Additionally, because they are exposed to the systems of other organisations, they can develop best practices that they could then use for your organisation.
3. Greater intelligence. Again, the MSSP has data coming in from several organisations, and are in a position to capture events before they strike your enterprise. They could even develop new ways of analysing data to improve detection of threats.
4. Greater scalability. The service of an MSSP can be scaled up or down with little effort of the organisation.

Can you have your cake and eat it too?

Now, you have to admit, those are pretty good advantages. So how can you get those advantages while addressing the risks?

Firstly, build your own capabilities. To discover possible leaks or attempts mean that you must have the skills necessary in-house to do that. This team does not have to be big – 1 or 2 persons – as the bulk of the operational work will be performed by the MSSP. The in-house team will be responsible for managing the IT security systems, and ensuring that the MSSP is on the up and up.

Secondly, keep your IT security management in-house. Outsource the monitoring and testing activities such as monitoring of system logs and IDS/IPS systems, and vulnerability and penetration testing, but keep the management and configuration of systems being monitored or testing with your in-house staff.

Thirdly, build a relationship with the MSSP and audit them regularly, to ensure that they have the proper policies in place and that they are following them. Also, check their audited financials to look out for red flags pointing to a failing business model.

Lastly, build your service level agreements and payment contracts based on performance. That is, that your MSSP must perform to a certain standard to get remunerated for their services. These standards must be SMART – Specific, Measurable, Attainable, Realistic and Time-Related – and reasonable. Remember, that when negotiating with an MSSP, that this is a partnership, not a battle; always aim for win-win.

So…

At first I was extremely wary of outsourcing IT security functions. I still take the position that if an organisation is able to, then it is preferable to have an in-house IT security team for all aspects of IT security. But the more that I look at the services that MSSPs provide, and the benefits that enterprises can obtain, there is a strong case for outsourcing some aspects that an organisation is unable to undertake.

Original article: There may be advantages to be had after all!'">Should you outsource your IT Security? There may be advantages to be had after all!

©2025 Interxect Services Limited. All Rights Reserved.

Whenever I ask prospects this question and they tell me, “No!” – and most prospects do say no – I laugh heartily… in my head of course.

Breaches have now become an almost inevitable part of data networks. You can’t prove a negative, so you can’t say that you’ve never been breached, but that you’ve never discovered one… yet. Or perhaps they have conveniently defined what a data security breach is so that they don’t have to call a breach as one.

A data security breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an unauthorised individual. This unauthorised individual could be a malicious attacker, or an internal employee, and you should be monitoring for both.

You would find though, that many enterprises are not monitoring for internal breaches, and focus on external attacks. However, external breaches are becoming increasingly difficult to detect. The Trustwave 2013 Global Security Report found that 64% of the attacks on those surveyed took more than three months to contain, with 14% taking up to 2 years, and 5% even longer. The Verizon 2013 Data Breach Investigations Report found that the discovery of 66% of breaches of those surveyed, took months or more.

Targeted attacks are some of the most difficult, as the attackers are willing to invest both time and money for a much larger payoff. These attacks, often called Advanced Persistent Threats (APT), may take place over several days, weeks or even months and use evasive techniques to avoid detection with the aim to create a connection that they could continually siphon information from the infiltrated network. And don’t believe that these attacks cannot happen to you, as SMEs are also being targeted.

The problem is that current technology may not be enough to discover these attacks, because they take place over a long period of time, the traffic may seem benign, or for the most, a nuisance. Security Information and Event Management (SIEM) software was supposed to help with this, but it may not be enough. Security Analytics now offers the best promise for detecting these attacks as they analyse vast amounts of data to alert on possible security events, but it’s still a developing technology.

For now, your best protection is to follow standard security practices such as defence-in-depth, the principle of least privileges and keeping your systems updated and patched. Also train your users to practice safe computing.

So next time someone asks if your data has ever been breached, if you’ve never discovered one, say, “We’ve never found any evidence of a data breach!” To say otherwise would be lying.

Original article: Think hard before you answer that question.'">Have You Ever Had a Data Breach? Think hard before you answer that question.

©2025 Interxect Services Limited. All Rights Reserved.

A friend of mine recently quipped, “Do people still depend on firewalls for security?” I think he was alluding to the idea that the firewall plays a far lesser role in protecting your network as it once did. But it still does play a role.

The firewall is still your network’s first line of defence from outside threats. However, with security threats evolving, they are becoming harder to block at the firewall level. Even though a threat may not be advanced, it may be hard to discern from harmless activities. For example, how can a user determine a malicious PDF file from the harmless ones? The same goes for network traffic, how can a firewall determine malicious web traffic, from harmless ones? Intrusion detection and prevention systems (IDS/IPS) were developed to counter these attacks and were either additional devices or modules in firewalls.

But the IDS/IPS were always considered and configured separately from the firewall. Then enter the Next Generation Firewalls (NGFW). The NGFW was coined by Gartner Research and has a defining feature of the IDS/IPS features being integrated within the firewall and not as an add-on. Specifically, Gartner defines a NGFW as having the following minimum features:

• Standard first-generation firewall capabilities such as packet filtering, network address translation (NAT), stateful inspection, etc.
• Integrated IPS rather than co-located services. Someone configuring rules on the firewall should also be able to configure the IPS at the same time without going to another module.
• Application awareness and full stack visibility so that it’s able to discern the different services within an application regardless of the port that it operates on.
• Security intelligence whereby it may use an external database to help make optimal blocking decisions.
• Supports upgrade paths for new techniques to address future threats.

I don’t know why they call it the next generation firewall. What would they call the generation that comes right after? The next next generation firewall? Or perhaps NGFW2? Anyway, that’s beside the point.

I also buy into this view that this is where firewalls should be evolving. NGFWs don’t only have the ability to simply threat protection, but also to speed up inspection due to its single pass nature (traffic is inspected once, not inspected by the firewall, then passed to the IPS for inspection).

I got into a heated discussion with a Fortinet engineer about NGFW and UTMs (Unified Threat Management) devices. I said that while UTMs may have a place now, the NGFW is where enterprises should be heading. He said it sounds like I’ve been brainwashed by Palo Alto Networks. I haven’t, but I like the direction that they are heading.

Palo Alto has the advantage of not having a legacy product and starting with a fairly blank slate. They are disadvantaged by a lack of maturity. But they are a new kid, and I think the technology has a lot of promise.

With threats constantly evolving, and with such a large attack space for internal networks, we need to re-evaluate the ways we protect our data networks. We shouldn’t get rid of the firewall, but we need to alter the way it functions all together to protect us from new threats. NGFWs gives us new hope for the firewall and for protecting our perimeter.

Seriously consider NGFWs for your next firewall upgrade.

Original article: How firewalls are changing to fight against new threats'">The Evolution of the Firewall How firewalls are changing to fight against new threats

©2025 Interxect Services Limited. All Rights Reserved.

The recently released “Understand the State of Data Security and Privacy” report found that 36% of data breaches were caused by inadvertent misuse of data and 35% were caused by malicious internal users. Last year, those figures were 27% and 12% respectively.

I usually take all of these figures here with a pinch of salt, but I do know from experience that enterprises take a lax attitude when it comes to internal security. The main issue in this case seems to be a lack of training in security awareness and policies. The report stated that 42% of the respondents had received training on how to remain secure at work, and only 57% said that they were aware of the security policies of the company. Educating users on how to approach computer use and to protect themselves from cyber-threats is necessary.

There has been voices denouncing the effectiveness of training users in computer security, such as here and here. But this is a fallacy and it supposes that the training is the be all and end all of IT security, but it’s really just intended to be another layer of defence. IT Security is about reducing risks, and that’s what user education is for.

Some advantages of user awareness education are:

• It helps users to be vigilant about computer use and possible security risks
• It can be a low effort, high impact way of protecting your data
• It may improve the relationship between users and IT if done right
• It can be transformative as users take the lessons to other facets of the organisation or even their lives

I won’t claim that user education is some sort of magic bullet, but it can be a useful weapon against data breaches.

There is another part of the Forrester report that is worth mentioning – that IT departments tend to think to tactical about IT security, choosing instead to focus on technology, such as anti-virus and data loss protection (DLP), to protect against inadvertent actions of users. Even security awareness training for users is a tactic all in itself. What companies need to have is a strategy for protecting their data.

The framework that Forrester defined seems like a good place to start, as it is similar to other frameworks I’ve seen and used. At a high level:

1. Classify your data and define which ones you wish to protect.
2. Determine how data is being used and what mechanisms are available to protect it.
3. Implement the protections.

Remember that your data is a valuable asset, if not the most valuable asset, to your organisation and you must protect it.

What do you think? Do you believe that your company will benefit from security awareness education, or do you think that money and effort is better spent elsewhere? Chime in below.

Original article: And you should not take them for granted!'">Humans are the Weakest Links in IT Security And you should not take them for granted!

©2025 Interxect Services Limited. All Rights Reserved.

I’m sure you’ve also seen it happen at the department level – power plays between employees. I’ve seen it before where staff members will not do certain tasks, see issues but will not resolve it, or worst, sabotage efforts of another to make them seem incompetent.

Such negative activities reduce the capability and productivity of the department. And in the IT department, it can be hazardous for your data, which can become pawns in this dangerous game of chess play.

So what can you do about it?

1. Do not get involved

Often the manager or team supervisor will get involved with the gossip and negativity with the intention of being “friends”, but this just adds fuel to the flames. Don’t do that! Nothing demoralises a department or business more than the leadership getting involved in the politics, even if done behind closed doors.

So what to do instead?

2. Listen and Be Open

When there is conflict or negativity, listen carefully to your staff and team. Do not interject or offer advice, no matter how much you want to. Get the person talking about what is going on. Why do they feel the way they do? What do they think cause it? What do they want to happen? What would they like the environment to feel like?

Do not judge. Just listen and take notes (after asking if it is okay to do so first).

3. Mirror and empathise

This is a very tricky area here. You do not want to make light of anyone’s issues, but also you do not want to agree that they are right (unless for sure they are). Instead empathise with the way they feel saying something, “and this whole situation has you feeling… angry? Disappointed?” or “I understand that you may be feeling frustrated”. The idea here is to let the other person feel felt.

4. Formulate an action plan

Once the person is talking and is open to dialog, formulate an action plan as to what needs to happen next. It might be tempting to bring the other person in, but I suggest that you talk to the other person in private first to get them open to dialog as well. Once that happens, then you can have both in the room with you as a mediator. Mediation is another skill that I will address in another article, but for now, know that it is something that may be required.

Ensure to set deadlines to when certain things are to happen so that there is not another issue of unmet expectations.

Issues addressed, what next?

Once major issues have been addresses and things have settled down, it may be beneficial to do the following.

Understand the informal organisational structure

Not all power and influence comes from position and job title. Many people have influence outside of position or may have the ears of people in high positions. There may be cliques and groups, and others who seem dead set to put one against another. By understanding these linkages, you will be in a better position to head-off potential problems.

Keep your ears to the ground

Listen out for grumblings among employees and staff, and be ready to address any rumour circulating before they become uncontrollable. In the absence of open dialogue, presumptions run wild. Keep friendships with people who are always in tune to the grape vine; this is usually the receptionist, but could also be admin staff.

Build relationships at all levels

By building relationships at all levels of the business, you can have greater resources at your disposal to address issues that come along. You can also learn from others how best to approach certain issues so you can benefit from that knowledge and handle the politics more effectively.
Learn to recognise and treat all peers and employees fairly.

You may never be able to eliminate office politics from the work environment, but you can work to minimise the negative effects. And if you can minimise office politics within the IT department, you have one less thing affecting your data to worry about.

Do you have a story to share about how you handled your internal politics? Or how do you feel about the advice that I’ve given? Please leave your comments below.

Be sure to sign up for our e-mail list where we plan to send out regular tips on how you can improve IT and your business along with it.

Original article: Here's what you can do about it...'">Office Politics can hurt your IT Here's what you can do about it...

©2025 Interxect Services Limited. All Rights Reserved.

Sourcefire also has in its portfolio next-generation firewalls and advanced malware protection solutions.

Cisco hopes to improve it’s security solutions with the new acquisition, although I am not very clear as to how. At the moment, I am tending to believe that this is an acquihire, for Cisco to gain Sourcefire’s strong cadre of security experts.

My concern now is what will happen to the open source solutions that Sourcefire currently provides. Snort and Clam AV have proven very popular within the security industry. Snort especially is used in many solutions to provide excellent IDS/IPS to networks. Fortunately, because it’s open source software (OSS), it can be forked to create another product based on the code, but without the right support may just languish.

Cisco used to be very open contributing greatly to the open source community, and still continues to once it deals with open standards, but from my own observations, I see Cisco closing avenues where there is direct competition. On the plus side, Cisco may have some technologies that will improve their current security offerings, so customers who are into Cisco may benefit.

I’ll adopt a wait and see approach for now, but I expect stocks of Cisco to rise with this acquisition.

Read Cisco’s announcement of the acquisition here.

Original article: Hopes to Bolster Security Strategy'">Cisco to Acquire Sourcefire, the Makers of Open Source Snort and Clam AV for $2.7B Hopes to Bolster Security Strategy

©2025 Interxect Services Limited. All Rights Reserved.