Barclays cuts ties with Kaspersky following NCSC guidance
Mon 4 Dec 2017
Kaspersky Labs’ PR troubles continue after Barclays bank discontinued its policy of offering the Russian firm’s anti-virus software to new customers.
The decision by the UK bank, which counts itself amongst the country’s ‘Big Four’ and has revenues of more than £20 billion, comes after the UK’s cybersecurity chief advised against government departments using Kaspersky software.
As well as no longer offering a download of the software to new customers, the bank also emailed 290,000 existing customers as a precaution.
The problems for Kaspersky stem from questions over its connection to the Russian state, given Russia’s continued efforts at disrupting western states, including the UK, through cyber attacks. There have been reports, for instance, of Russian state-backed hackers attacking the western energy sector.
Despite Kaspersky’s continued denials, the firm is struggling to battle a rising tide of fear, given its country of origin. That was no doubt exacerbated by the decision of the UK National Cyber Security Centre’s chief, Ciaran Martin, to write to civil servants recommending they do not use Kaspersky software for government business.
In a letter to permanent secretaries, Martin highlighted the importance of country of origin with regards to anti-virus (AV) software, which has to have extremely intrusive permissions over the system that it is protecting.
‘The specific country we are highlighting in this package of guidance is Russia,’ Martin wrote. ‘The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft. To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen.’
Though this advice was not aimed at members of the public, Barclays considered it important enough to cause it to carry out this measure as a precaution.
However, it also made it clear that customers using Kaspersky should not delete the software, writing: ‘There’s nothing to suggest that customers need to stop using Kaspersky. At this stage there is no action for you to take. It’s important that you continue to protect yourself with anti-virus software.’
Kaspersky, including its outspoken CEO Eugene Kaspersky, has vocally denied any claims that it is involved in any wrongdoing, including by announcing plans to release source code in a transparency drive.