Long-simmering doubts about the loyalty of Russia-based cybersecurity company Kaspersky Software came to a head this week when the U.S. government banned the company from selling its software to businesses and individual consumers, effective July 20.
Additionally, the U.S. Treasury Department imposed sanctions on 12 senior Kaspersky Lab executives, excluding CEO Eugene Kaspersky.
The measures are imposed under a 2021 Executive Order released by the U.S. Department of Commerce earlier this week authorizing sanctions in response to direct threats to U.S. national security emanating from Russia.
It’s not clear how widely Kaspersky Lab software is used in the U.S.: Russian law requires companies headquartered in Russia to provide government officials with access to data, so many organizations either refused to buy Kaspersky Lab cybersecurity software in the first place or quietly replaced it.
Kaspersky has long denied colluding with the Russian government, a stance it reiterated this week. It is unclear to what extent other countries will follow suit, or whether the Russian government will similarly ban U.S.-based companies from selling cybersecurity products and services.
Mitch Ashley, principal analyst at TechStrong Research, said the situation is getting worse. Governments around the world need to view cybersecurity as an extension of national security, he added. So they need to empower national leaders to act more forthrightly on these concerns, rather than relying on a series of rule changes set out by the U.S. Commerce Department.
Concerns about the loyalty of companies run by executives who are nationals of a particular country have been around for years. In the case of Kaspersky Software, these concerns were first raised in 2017. Many organizations, for example, would similarly not buy IT infrastructure from Huawei out of concern that the data could end up in the hands of Chinese government actors. There are also concerns that such infrastructure could easily be compromised in the event of hostilities.
In the wake of the war in Ukraine and the formal alliance signed earlier this week between Russia and North Korea, the same suspicions are being directed at any organization doing business in Russia. Conversely, many companies have suspended operations in Russia, in part due to concerns that having an IT base in Russia could have cybersecurity implications for business units that may be connected to those systems.
Whatever the outcome, cybersecurity teams must incorporate geopolitical conflict into their strategies, as every conflict in almost any part of the world reveals new potential targets for IT environments. The challenge, of course, is that there are many conflicts that can escalate in ways that many business and IT leaders cannot necessarily predict.