Over the past few months, Kaspersky Lab have been making headlines for all the wrong reasons.
Most recently the National Cyber Security Centre warned government departments not to use Kaspersky software on systems that contain official secrets. Now MPs and security experts have criticised the NCSC for not extending its warning to the public sector, industries and individuals, citing risks to the NHS and other public body IT infrastructure.
In 2017, The US Department of Homeland Security ordered all federal agencies to stop using Kaspersky software, due to a risk that the software could “provide access to files” marked as classified or sensitive.
The directive was partly issued in response to intelligence from Israeli intelligence officials who spent months watching Russian government-backed hackers scanning computers belonging to Kaspersky customers for top secret American government documents. The Israeli officials had successfully hacked Kaspersky Lab in 2014 which enabled them to watch on as the computers were scanned.
Add to this revelation that infighting at Kaspersky Lab has led to a faction of senior management with reported close ties to the Russian security services now leading the company, and it's no surprise that Western governments are becoming more and more wary about allowing Kaspersky software on government networks.
But what does this mean for ordinary businesses?
Firstly, and for points of fairness, Kaspersky Lab representatives have of course denied allegations that it allowed Russian intelligence to use their software to scan PCs for classified American documents or any other reason. They claim that they will never help any government with cyber-espionage.
Secondly, it's important to highlight that the majority of security and anti-virus software (including Kaspersky) need to be able to scan documents and networks in order to find the viruses they’re there to protect you against. It is how those scans can be manipulated and the details used that is being highlighted in the recent Kaspersky cases.
So should UK businesses be worried that their data isn’t safe in the hands of Kaspersky’s security software?
So far, all reports indicate that whilst the software COULD be used to access private files, it isn’t being used maliciously against businesses in the UK on a wide scale. Hackers or dodgy vendors would need to access the Kaspersky software, then manipulate a scan that looked for specific keywords in order to find the files and trigger their upload to the cloud servers. They would then need to be able to access Kaspersky’s cloud servers to access the files.
No offence, but it’s unlikely that the type of cybercriminals with the resources to be able to pull this kind of breach off would be interested in anything other than the biggest businesses, public sector or government bodies in the UK.
Cyber security experts from across the US and Western Europe have also been clear in their opinion that they do not see Kaspersky as a threat to businesses. PCMagazine have published an article citing several leading experts, all of whom are confident that (at present) there’s no need for a mass purge of Kaspersky from your IT systems.
Whilst they do not deny that Russian government-backed hackers have carried out cyber espionage, they do not see Kaspersky Labs as being complicit, and indeed some of the sources call out the “witch hunt” against Kaspersky as a campaign by other IT security vendors to maximise on the anti-Russia, anti-Kaspersky rhetoric.
Chetan Varma (pictured) in our IT support team agrees. “Personally we don’t recommend Kaspersky, but that is based on functionality and user experience rather than security concerns. It should also be pointed out that it isn’t just Russia who uses cyber-espionage. Israel and China also produce popular commercial software that could be used against UK businesses. But just because it could, doesn’t meant that it will.”
So what should businesses be wary of?
IT security should still be a high priority for businesses. You should definitely still use anti-virus software, even if it is Kaspersky.
But there are other more common forms of cyber crime that UK businesses need to protect themselves from.
Ransomware attacks are still being used against businesses to blackmail them out of money and nefariously access sensitive data.
Email fraud is still used to plant malware on corporate PCs and networks.
Employees still pose a risk to the IT and data security of businesses. No matter how clever your security software, a person can be tricked into revealing company bank details or paying false invoices through social engineering, whether over the phone, via email or on un-secure websites.
The bottom line is, whilst there have been some dubious stories around Kaspersky Labs and the security software it produces, the majority of SMBs in the UK aren’t likely to be a victim of the type of cyber-espionage Kaspersky have been accused of abetting.
Date published: 06/02/2018