Key Takeaways:
- Starting in July, the Biden administration will ban the sale of Kaspersky antivirus software in the US.
- The US Department of Commerce’s Bureau of Industry and Security (BIS) cited potential exploitation by the Russian government to steal sensitive information and compromise critical IT systems as the primary reason for the ban.
- US businesses and consumers are urged to transition to alternative cybersecurity solutions before September 29, 2024.
Last week, the Biden administration declared a ban on all US sales of Kaspersky antivirus software starting in July, citing national security concerns. Kaspersky will also be prohibited from issuing updates and security patches for its products beginning in October.
According to the Department of Commerce’s Bureau of Industry and Security (BIS), the Russian government could exploit Kaspersky Lab to steal sensitive information from US citizens. Additionally, the BIS pointed out that Kaspersky could be manipulated to install malicious software and prevent security patches from being delivered to critical IT systems. The integration of Kaspersky tools into third-party solutions could also pose a potential security risk.
“Today’s Final Determination and Entity Listing are the result of a lengthy and thorough investigation, which found that the company’s continued operations in the United States presented a national security risk—due to the Russian Government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations—that could not be addressed through mitigation measures short of a total prohibition,” the press release reads.
US to enforce Kaspersky software ban starting in July
Starting on July 24, US businesses and consumers will no longer be able to buy Kaspersky software. However, existing US-based customers will be able to download the software and receive new updates until September 29, 2024.
Businesses and consumers that continue to use unpatched Kaspersky products past that date will be vulnerable to considerable security risks. Moreover, companies that continue to sell, resell, and license affected Kaspersky products after September 29 could be subject to fines. The US government urges customers to find alternative security solutions as soon as possible to protect sensitive data stored on their computers.
The ban affects Kaspersky’s antivirus software and the integration of Kaspersky tools into third-party solutions. However, it doesn’t impact Kaspersky’s consulting services as well as the threat intelligence services or cybersecurity training programs in the US.
In a statement, Kaspersky has denied the US government’s allegations, stating that the product ban is politically motivated. The company also announced it will explore all legal options to protect its business.
“Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted third party, Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services,” Kaspersky wrote in a blog post.
How do businesses and IT admins react to the US Kaspersky ban?
The U.S. ban on Kaspersky products has prompted various responses from IT administrators and businesses. IT admins are discussing the ban’s implications and recommending alternative antivirus products, while enterprise customers urgently need to switch to other cybersecurity solutions before the ban fully takes effect.
The U.S. government has previously taken multiple actions against Kaspersky, with the Department of Homeland Security issuing a ban on all Kaspersky-branded products back in 2017. The Federal Communications Commission added Kaspersky software to its list of products that pose significant national security risks in March 2022.