How open is your cybersecurity vendor about its products and business?
In recent years, amid heightened geo-political tensions, there has been plenty of concern about the use of foreign-produced technology products. In 2017, the US and UK governments even told their agencies not to use products from the Russian-headquartered cybersecurity company Kaspersky.
But should governments and businesses reject cybersecurity vendors based on their country of origin, if the company is transparent about its products and business?
No, say Kaspersky executives, who point to their company’s focus on transparency.
Last year, Kaspersky launched its Global Transparency Initiative (GTI), which aims to provide independent proof that its products and business are trustworthy. Under the initiative, Kaspersky also moved its customer data storage and processing infrastructure for European users from Russia to Zurich.
It has also established Transparency Centers in Zurich and Madrid, where customers can review its software source code. And last month, it announced plans to open a Transparency Center in Malaysia. It expects the facility to open in the next few months.
“As a paradigm shift for the cyber security industry, this facility – the first in the region – will be located in Cyberjaya, Malaysia, all thanks to the kind cooperation of CyberSecurity Malaysia. We have been very open to customers with concerns, telling them we’re happy to explain exactly what our product does, what kind of data we are collecting, how we are processing this data and more. Governments and selected partners can even inspect the source code,” explains the company’s Managing Director of Asia Pacific, Stephan Neumeier.
Kaspersky’s executives see this initiative as a selling point at a time when trust in technology is paramount. “We’re the only cybersecurity company with this type of facility in place,” Neumeier says about the Zurich and Madrid center.
Increasing number of organisations are seeking this level of transparency, says Neumeier. For example, overseas governments have told him they are considering requiring vendors to show their source code when bidding for work.
By assessing vendors in this way, rather than rejecting them based on their country of origin, Neumeier says organisations will have access to a wider range of cybersecurity capabilities. For example, foreign-headquartered vendors may provide valuable threat intelligence.
The new, more transparent Kaspersky is winning the trust of some government organisations in the Asia Pacific region. For example, governments from all over the region have purchased Kaspersky threat intelligence.
Kaspersky points to banking trojans it has detected in Australia as evidence that its threat intelligence can be useful to Australian organisations. Its representatives say that their Botnet Tracking system, which is part of Kaspersky’s Threat Intelligence family, found that banking Trojans were spreading in Australia and “adopting unusual techniques”. For example, they said that the Banker Trojan now checks for URLs opened in a browser and can open a WebView with a fake site overlaying the original web page. They say this method was used recently by the Gustuff malware to target users of various Australian banks.
Kaspersky has stepped up its efforts to win business in Australia. Earlier this year, Kaspersky ANZ signed on distributor Dicker Data. Distribution changes mean access to Kaspersky business products here is easier than ever.
General Manager of Kaspersky ANZ, Margrith Appleby says, “I’m truly excited by this partnership. Dicker Data is Australia’s largest value-added distributor with extensive local market reach and knowledge that will help drive Kaspersky’s world class technology into mid-market, SMB and enterprise customer segments across ANZ.”
Appleby also talked up the benefits of the new transparency center in APAC for Kaspersky partners. “This new facility also aims to address the growing demand from our partners to obtain more information on how our products and technologies work. We understand the shifting threat landscape and want to work with partners who look into beefing up their cybersecurity capabilities,” she said.
Kaspersky has also expanded its range of small-to-medium products, which now include an Interactive Protection Simulation and products for Managed Service Providers.
The company’s executives say they are having more conversations with Australian businesses than they did a year ago. They hope those organisations see the importance of choosing a cybersecurity vendor that’s open about its products and business.
According to Neumeier, “While there is no foolproof solution to combat complicated cyberattacks against governments and organisations worldwide, trust and transparency in cybersecurity is one effective strategy.”
“We at Kaspersky, confidently welcome assessments and reviews of our source codes and business practices to show our stakeholders that we have nothing to hide. I believe through this, we can establish a public and private tag team against our only enemy – cybercriminals.”
Article sponsored by Kaspersky.