Kaspersky Antivirus Banned in U.S.

Written by Waits Sharpe | Jun 25, 2024 1:08:38 PM

Millions of individuals and businesses rely on antivirus software to protect their devices and data from malware and external threat actors. However, not all antivirus products are created equal. When deciding which security products to implement, consumers should look into who developed the tools they will be trusting with their data and what outside influences determine how these products will be used. Case in point: in June of 2024, the Biden Administration announced that Kaspersky, one of the largest antivirus software companies, will be banned from sale in the U.S., effective immediately. In response, both users and businesses need to begin finding alternative options to secure their private data and devices.

What is Kaspersky?

Founded in 1997 by Eugene Kaspersky, Natalya Kaspersky, and Alexey De-Monderik, Kaspersky is an antivirus and cybersecurity provider headquartered in Moscow, Russia. Primarily offering antivirus solutions, Kaspersky also sells password management tools, endpoint security, awareness training, and threat intelligence.

According to their website, Kaspersky "protects over 400 million people and 220,000 companies worldwide", making them the fourth-largest antivirus vendor globally by revenue. Kaspersky states on their website that "we’ve been transforming our leading security intelligence into real protection, ensuring our customers' safety and empowering them with the confidence to use our protection technologies in both personal life and business". Kaspersky is no doubt one of the largest antivirus providers in the world, which begs the question: Why is Kaspersky being banned?

Why the Ban?

On June 24th, 2024, the Department of Commerce published a final determination in the Federal Register banning Kaspersky and its affiliates from selling their antivirus product in the United States. Beginning on July 20th, Kaspersky and its partners will not be permitted to sell or license their product in America, and on September 29th, no new security updates will be implemented. This means that users have only a few months to find an alternative.

The U.S. Bureau of Industry and Security (BIS) states that the primary reason behind the ban is the company's close ties with Russia, a foreign adversary. The BIS states that Kaspersky poses "unacceptable risks to the United States' national security and the security and safety of its people". They claim that there are fundamental security vulnerabilities that could be exploited by the Russian government to the detriment of the United States. In their final determination, the Department of Commerce highlights three "aspects of Kaspersky cybersecurity and anti-virus software that contribute to undue and unacceptable risks posed to the national security of the United States". These concerns include:

Kaspersky is subject to the jurisdiction, control, or direction of the Russian government, a foreign adversary. 

Perhaps the largest concern is that Kaspersky is subject to the direction of the Russian government. As a "foreign adversary", the Russian government has exhibited its willingness to sponsor cyber-attacks, espionage, and otherwise malicious cyber activities against the United States. Nation-state sponsored cyber-attacks are particularly insidious as they often have the full backing, funding, and resources of the government they are tied to. Kaspersky was founded in, is currently headquartered in, and conducts much of their business from Russia. The software design, development, and supply are all operated out of Russia and are therefore subject to the jurisdiction of the Russian government. In the event that Russia requires information or assistance from Kaspersky, the company is required to comply with the demands of the government, creating a huge conflict of interest.

Kaspersky's software can be exploited to identify sensitive U.S. personal data and make it available to Russian government actors.

Due to the nature of its product, Kaspersky has access to a large amount of personal, potentially sensitive data. The Department of Commerce states that this data in the hands of Russian employees could be used to weaken the nation's security posture. Additionally, these employees understand the inner workings of the product and every backdoor or vulnerability that can be exploited at the kernel level, meaning that Kaspersky engineers can effectively take control of a user's device to harvest information or perform other malicious tasks.  

Kaspersky cybersecurity and anti-virus software, developed and supplied from Russia, allows for the capability and opportunity to install malicious software and strategically withhold crucial malware signature updates. 

Another concern is that the Russian government may influence or order Kaspersky to install malicious software onto a user's device or to withhold crucial malware signature updates, leaving devices open to attack. These products can only protect against patterns and signatures they recognize; if these updates are withheld, attackers will have an easier time infiltrating an organization.

Searching for an Alternative

This immediate ban means that organizations or individuals using Kaspersky will need to find an alternative security solution, and fast. CorpInfoTech, through the utilization of Cylance|ENDPOINT, provides managed Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) for small- to medium-sized businesses. ENDPOINT utilizes machine learning and AI to constantly monitor, parse through, and alert organizations to relevant security events that may pose a threat to security. ENDPOINT is built on the service of Cylance|OPTIC and Cylance|PROTECT, BlackBerry|Cylance's flagship EDR and XDR solutions. These services block malware before it can impact your IT systems and can help automatically resolve threats.

With CorpInfoTech's managed service offering, your organization can be confident that the tools you use are configured correctly, securely, and consistently. We offer vulnerability and patch management solutions that give you full visibility into the security health of your business. 

To learn more about how CorpInfoTech can secure your business, contact us today!