IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCSC warns businesses against using Kaspersky products

Critical infrastructure companies, as well as organisations aiding Ukraine or criticising the Russian government, are at the highest risk of being compromised

The National Cyber Security Centre (NCSC) has issued a warning for businesses using products and services provided by Russian cyber security company Kaspersky.

Businesses are being urged to avoid using Russian tech providers, with Kaspersky being the only company named in the latest guidance.

High-profile and critical infrastructure companies, as well as organisations aiding Ukraine or criticising the Russian government, are at the highest risk of being compromised by Russian threat actors, the NCSC said on Tuesday.

However, it added that consumers using Kaspersky antivirus on their private IT equipment are unlikely to be targeted by the Russian state and can continue using the products and services.

The warning comes close to five years after the NCSC urged public sector organisations to avoid using Kaspersky antivirus, alongside ensuring that software is kept updated while network configurations and credentials are managed correctly.

“We still think this advice is correct but, given the conflict in Ukraine, the context has changed considerably,” NCSC technical director Ian Levy said on Tuesday.

The heightened risk stems from the Russian legal provision that obligates Russian companies, including antivirus providers such as Kaspersky, to assist the Russian Federal Security Service (FSB).

According to Levy, “the pressure to do so may increase in a time of war”.

Related Resource

Gartner is mapping the future of secure access. Okta is helping organisations get there

Creating unified, consistent digital identities for users

Whitepaper cover with shaded multiple triangle graphicFree Download

“We also have hacktivists on each side, further complicating matters, so the overall risk has materially changed,” he added.

Levy said that the NCSC has “no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests”.

The precautions, however, stem from the need to “err on the side of caution”.

“The absence of evidence is not evidence of absence,” said Levy.

The guidance comes days after Kaspersky was declared a threat to US national security and added to the FCC’s List of Equipment and Services Covered By Section 2 of the Secure Networks Act.

Earlier this month, Germany’s Federal Office for Information Security (BSI) also recommended switching away from any Kaspersky product to another vendor. Similarly to the NCSC, the BSI based the recommendation on the risk that the company could be forced by the Russian state to carry out offensive cyber operations.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

What is hacktivism?
hacking

What is hacktivism?

27 May 2022
What is cyber warfare?
Security

What is cyber warfare?

20 May 2022
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
ransomware

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022