Security firm Sophos appears to be unaware that when one is in a hole, it is time to stop digging. Nothing else can account for the fact that when the company found itself with egg on its face over the WannaCry ransomware attack, it chose to try and "clarify" things.
iTWire was one online tech publication which highlighted the fact that Sophos had quietly changed a banner on its site, which initially proclaimed that the "NHS is totally protected by Sophos".
Such a claim did not, obviously, hold water after Britain's National Health Service was badly affected by the WannaCry ransomware over the weekend, hence Sophos quietly changed its banner to read, "Sophos understands the security needs of the NHS".
A sharp-eyed IT security architect named Kevin Beaumont spotted the transition, and posted a tweet about it. And from there, it spread.
{loadposition sam08}Sophos, however, was not content to let sleeping dogs lie. The story appeared on 16 May and by now most people would have forgotten about it.
So the company wrote to iTWire, saying it was, "reaching out on behalf of Sophos in response to your article today, to provide some clarity on the events over the weekend."
It is amusing how everyone who is on the receiving end always thinks that there is a lack of clarity at our end! I have conversations every day with people from various companies who are always seeking to "clarify" things that are perfectly clear.
Sophos probably did not want the issue to go away, so it included a rather patronising explanation about WannaCry — patronising in that iTWire had already covered the issue comprehensively — and then tried to pull a little wool over our eyes.
A statement from the company's chief marketing officer, Matt Fairbanks, went this way:
“The marketers at Sophos got a little ahead of themselves and created the landing page in question two years ago." (In other words, it is out of date; no mention however why, if it is so old why it wasn't taken down long ago.)
"This was an orphaned microsite page from a marketing campaign that referred to our total portfolio of products." (Really? What the hell does that mean, anyway?)
"The microsite is not now and never was our primary NHS-related page on our website. Small edits were made for accuracy, and from a sensitivity perspective not because of anything being factually incorrect." (This made me laugh out loud. If the NHS was indeed totally protected by Sophos, then why were patients turned away from various hospitals?)
"The criticism is legitimate, and we take it very seriously. We want improvement as much as anyone, and we know our customers help drive that. We are proud of and we value our long-standing relationship with NHS organisations."
It's difficult to understand why Sophos and its executives are such gluttons for punishment.
As if this bizarre email was not enough to bring up the issue again, Sophos also made this offer: "If you would like further comment on this, regional vice-president and managing director, Asia Pacific & Japan, Joergen Jakobsen, is available for select interviews today."
Maybe I'll take the company up on that offer next week and keep the issue in the news a little longer.
One has to wonder: who is advising Sophos about public relations?