Kaspersky Customers ‘Scared’ By Threats Of US Sanctions: Partners
“[Customers are] thinking, ‘Well, if I’ve chosen Kaspersky, is my boss going to fire me if something happens?’ Just the optics right now, it’s troubling,” said one solution provider CEO who partners with Kaspersky.
Kaspersky customers are “scared” as the U.S. government eyes potential sanctions against the Moscow-based cybersecurity firm, with U.S.-based Kaspersky clients looking to replace the vendors security products, according to Kaspersky channel partners.
“Customers that are coming up for renewal are obviously looking elsewhere—they’re scared,” said one solution provider CEO who partners with Kaspersky and declined to be identified. “People don’t know if this is just some kind of geopolitical BS? Or is there really something there? They’re thinking, ‘Well, if I’ve chosen Kaspersky, is my boss going to fire me if something happens?’ Just the optics right now, it’s troubling.”
The CEO said he’s seeing customers starting to drop Kaspersky cybersecurity products and look to implement competitor solutions due to fear.
“The board of directors [of Kaspersky clients] are saying, ‘We are not going to use this anymore. Find something else.’ I mean, it’s no different—or I guess it’s a little different—to people pouring out Russian vodka. ‘Hey, if it’s got a Russian stamp on it, let’s get it out. I don’t want to get canceled,’” said the CEO. “It’s a no-win situation for everybody.”
Solution providers tell CRN that Kaspersky is planning to conduct an all-hands meeting or town hall meeting earlier next week to discuss the matter.
The National Security Council has pressed the Treasury Department to ready sanctions against Kaspersky amid longstanding allegations that the Russian government could exploit Kaspersky’s technology to install malicious software on the networks of its customers. However, sanctions experts with the Treasury Department have raised concerns over the size and scope of the punishment being considered for Kaspersky, according to a report by The Wall Street Journal.
Kaspersky has said it strongly denies the accusations along with alleged links to Russian intelligence services.
“The U.S. Government’s lack of response to Kaspersky’s good faith outreach, while proceeding to take actions to further limit Kaspersky, clearly indicates that such regulatory restrictions are political decisions based on speculation rather than facts,” Kaspersky told CRN in an emailed statement.
Although Treasury officials have been working to prepare a sanctions package, one official told The Wall Street Journal that sanctions against Kaspersky have been put on hold for now.
Partners: ‘It’s A Bad Situation All Around’
Although channel partners are reaching out to Kaspersky customers to let them know about the situation, many clients are reaching out to solution providers themselves to express concerns.
“Customers are calling us about [Kaspersky], but we’re also being proactive in making our customers aware the situation—it’s our job,” said one top technology executive from a solution provider who partners with Kaspersky who declined to be named. “We pass along relevant U.S. government activity that is being published that they need to know. ... It’s a bad situation all around.”
Partners told CRN that Kaspersky is “trying to put the best face on” for partners, but the amount of fear from customers is at an all-time high.
Partners aren’t faulting Kaspersky for the situation regarding possible sanctions. However, the problem had been escalating quickly since Russia’s invasion of Ukraine last month, which has now hit a breaking point.
“We worked with Kaspersky for years. They are great people. And they are in a bad spot by no fault of their own,” said the CEO. “But just type in ‘Kaspersky’ in Google and see what you find. There are millions of news articles. … Over the last year, our Kaspersky sales were up—until a month and a half ago.”
The top technology executive said he’s currently selling several Kaspersky customers new cybersecurity solutions.
“We sell a lot of security solutions. So all options are on the table. We’re not asking or encouraging customers to move. But if they have to, we will support them and offer recommendations,” he said. “There are a lot of good products out there. So it’s not that any one sticks out to replace Kaspersky, there’s a lot of them.”
Kaspersky said it will continue to assure its partners and customers on the quality and integrity of its products and remains ready to cooperate with U.S. government agencies to address the FCC and any other regulatory agency’s concerns.
Kaspersky Saw A ‘Resurgence’ From 2017 Ban
Channel partners said they’ve seen a Kaspersky sales “resurgence from the geopolitical issues” that hit the Russian security firm in 2017.
In December 2017, former U.S. President Donald Trump signed a broader defense policy spending bill that banned Kaspersky‘s software from both civilian and military networks. The ban on U.S. government sales made many American customers reluctant to purchase Kaspersky’s technology even though sales weren’t outright prohibited.
“Kaspersky had been making great strides and their reputation had been coming back and people were kind of forgetting about the last geopolitical issues. And then, this. We don’t know what’s going to happen,” said the CEO. “It’s too fresh.”
However, other partners dropped Kaspersky outright in 2017.
LAN Infotech, a Fort Lauderdale, Fla.-based MSP, moved hundreds of customers off Kaspersky software in 2017 after the U.S. government banned the use of Kaspersky software in federal information systems because of concerns about Kaspersky’s links to the Russian government.
“We removed all of the Kaspersky software from our customers systems in 2017 based on the chain reaction in response to the US government ban.” said Goldstein. “My heart goes out to the Kaspersky partners who are dealing with this now. At some point you need to draw a line in the sand. That’s what we did. It was not a technology decision. It was a reputational decision for customers.”
Kaspersky co-founder and CEO Eugene Kaspersky needs to “get out in front” of the allegations of ties to the Russian government, said Goldstein. “I’m surprised Eugene isn’t taking a more prominent public role to battle these charges,” he said. “Eugene is Kaspersky. He needs to get out in front of this if they want to continue to succeed in the U.S. market.”
Kaspersky: Sanctions Based On ‘Unsubstantiated Allegations’ Without ‘Evidence’
In today’s statement, Kaspersky said it maintains that the U.S. government’s 2017 prohibitions on federal entities and federal contractors from using Kaspersky products and services were not only unconstitutional but also based on unsubstantiated allegations and without any public evidence of wrongdoing by the company.
“As there has been no public evidence or due process to otherwise justify those actions since 2017, and the FCC announcement specifically refers to the Department of Homeland Security’s 2017 determination as the basis for today’s decision, Kaspersky believes today’s expansion of such prohibition on entities that receive FCC telecommunication-related subsidies is similarly unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services,” Kaspersky said in a statement last week.
If sanctions are implemented against Kaspersky, it would not be the first time President Joe Biden’s administration sanctioned Russian companies for their relationship with the Russian government. In April 2021, the Treasury Department sanctioned six Russian technology vendors for helping the country’s intelligence agencies carry out malicious cyber activities including the SolarWinds hack.
“Kaspersky has been doing very well over the last couple years. I don’t know what’s going to happen now,” said the technology executive. “This is somewhat unprecedented.”
In a CRN 2022 CEO Outlook questionnaire, Kaspersky said the key to success for Kaspersky partners in 2022 is offering comprehensive cybersecurity solutions “from the early stages of endpoint protection, through to the complexities of cyberthreat intelligence and – arguably the most important step- incident response.”
As for his own top priority, Kaspersky replied: “Saving the world from cyberthreats! I’ve had the same priority for 25 years.”