Would I love to interview Lenovo’s Incident Response Team!
How much can failure be worth?
Dan gets an idea while filling out a “customer satisfaction survey!”
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .
So though I tried to comment on Lenovo’s site during the early days of their Superfish incident and they wouldn’t let me log in . . . in the amazingly inept decision to go silent instead of transparent . . . they must have forgotten to shut off the customer satisfaction survey engine.
Okay, I should be nicer . . . . they probably decided to let that part of it continue so they could measure the damages, if possible. And I don’t blame them.
Frankly, we really do need to be nicer to companies that are struggling with their IT Governance Processes . . . and help them along the path to risk management. So I’m glad I was not able to put a comment on their site, because when I was trying in vain to register my comment on their bogus post about Superfish not being a problem, my state of irritation would have led to a regrettable comment. So again the American Monkey Trap saves Dan from an American Monkey Trap (more on that in a future article called . . . . you guessed it . . . The American Monkey Trap!)
Lenovo had such a great opportunity to turn a lemon into lemonade, and instead they clammed up, probably taking the advice of lawyers rather than incident response experts, and now they have a lot of work to do to rebuild their reputation.
You see, they did NOT have an incident response plan. Had they proactively developed a plan, and then tested the plan (with their lawyers present), when the Superfish incident hit they surely would have been more transparent and truthful.
So this is what I said in my survey response:
So hey, we’ll see if anybody bites on the bait. I did try calling them, but that was a waste of time . . . well at least given I have very little time these days . . . . I’m too busy updating the Vendor Management Program to address the risk we now face when engaging with hardware vendors . . . .
Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex
Dan’s New Leaf is a fun blog to inspire thought in the area of IT Governance.