Kaspersky software ban: CISOs must move quickly, experts say
The US government enacted new restrictions on Kaspersky’s customers, indicting 12 of its executives and prohibiting further sales of its software and services in June. The regulations augment existing bans from using its software by US federal agencies that began several years ago and have spread to similar bans by federal agencies in places such as Lithuania and the Netherlands.
The action coordinated efforts by both the Commerce and Treasury departments, based on national security risks about any potential cooperation with Russian intelligence agents.
The 12 executives cited by the Treasury do not include Eugene Kaspersky, the founder and CEO of the company and its most visible spokesperson and did not cite the entire corporate entity itself or any of its subsidiaries. The indictments include the head of human resources, various vice presidents and the CTO.
The first bans, which began in 2017, motivated moving Kaspersky’s main corporate data center from Moscow to Switzerland. Since then, they have opened 12 of what the company calls “transparency centers” around the world where reviews of source code and threat detection methods are shared with partners, government agencies and customers. Some data processing still is in Moscow, which is part of what made US regulators nervous and helped to enact the June restrictions. “When the feds first banned Kaspersky for their own use, this set off a wave of customers moving away to its competitors,” says Greg Schaffer, who is a virtual CISO to numerous businesses. “I think this latest ban is prudent, even though I haven’t seen any proof of any potential exploits.”
