Anti Anti-Virus

In July 2017, Bloomberg reported that the anti-virus and security company Kaspersky Lab has been cooperating with the Russian Federal Security Service (FSB), the name of the Russian counterintelligence agency and successor of the KGB, since 2009.   On September 13, 2017, the US federal government mandated that all software made by Kaspersky Lab be removed from government computer systems.  Retailers such as Best Buy are also taking steps to remove Kaspersky Lab’s products from their retail offerings.

Kaspersky Lab issued a response, claiming that it has done nothing wrong and is merely a pawn in a political game between the US and Russia.  Russia responded to the report by urging Russian companies to only use Russian software.

Although it’s unlikely we will ever have a definitive answer about whether Kaspersky Lab is gathering data for the Russian FSB, this incident highlights a growing concern that foreign governments might be collaborating with software and hardware companies to spy on other governments, corporate enterprises, and consumers.   How can companies protect themselves in this environment?  Consider five things:

  1. A company should have a plan in place to quickly install a replacement if it discovers that software or hardware in its environment has been compromised.  Often this means maintaining a list of alternative providers and, when possible, having a contact at those alternative providers in case a purchase needs to be made quickly.
  2. Prior to making a purchase, conduct a search of news and industry reports on the brand and product to find any stories that might raise a red flag.
  3. After making a purchase, set an online news alert with the product name and “spy,” “spyware,” “malware,” “security issue” and similar terms in the search field (however, this doesn’t work well for network security or anti-virus products, since nearly every news story about those products contain these terms).
  4. Subscribe to security sites, such as SecureList.com or KrebsOnSecurity.com, that track potential security issues affecting enterprises and consumers.
  5. In particularly egregious circumstances, unplug the software or hardware so it stops collecting and transmitting information, but first be aware of how that will impact your other systems.

While there is no surefire way to identify a software or hardware vendor intent on stealing information, these steps can help mitigate damages by notifying companies of any known or suspected issues.  In the end, staying current on security risks is one important factor in defending your company, and yourself, against cyber-mischief.