Kaspersky Lab, the embattled Russian cybersecurity firm, has announced the closure of its U.S. operations this week, laying off its entire American workforce of less than 50 employees.
In a statement to The Cyber Express, Kaspersky said:
“Starting from July 20, 2024 Kaspersky will gradually wind down its U.S. operations and eliminate U.S.-based positions. The decision and process follows the Final Determination by the U.S. Department of Commerce, prohibiting the sales and distribution of Kaspersky products in the U.S.”
The completion of its exit formalities, however, will still take time. “It’s a long process that can take more than a year,” Kaspersky said.
The antivirus provider has been operating in the U.S. for close to 20 years. But after last month’s ban, the company “carefully examined and evaluated the impact of the U.S. legal requirements and made this sad and difficult decision as business opportunities in the country are no longer viable,” Kaspersky told The Cyber Express.
As told by Kaspersky, the move follows last month’s U.S. Commerce Department ban on Kaspersky software sales and the U.S. Treasury Department’s sanctioning of its top executives, citing national security concerns.
The Treasury Department’s Office of Foreign Assets Control (OFAC) specifically targeted key individuals within Kaspersky Lab, including the chief operating officer, chief legal officer, chief of human resources, and chief business development and technology officers, among others.
The Department of Homeland Security (DHS) had previously banned Kaspersky from government systems in 2017, followed by a similar ban on its use within the U.S. military in 2018. However, the June 2024 Commerce Department ban effectively crippled Kaspersky’s commercial business in the U.S.
The U.S. government has never provided concrete evidence that Kaspersky or the Russian government used its software for espionage. Kaspersky maintains its innocence, claiming the ban is based on “geopolitical climate and theoretical concerns” rather than a factual evaluation of their products.
Unanswered Questions and Potential Security Risks
Despite the lack of concrete evidence, the U.S. government expressed concern about Russia’s potential to compel Kaspersky to cooperate with surveillance activities. Secretary of Commerce Gina Raimondo said last month, “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people.”
Kaspersky software’s deep access to system files, a necessity for antivirus functionality, raises potential security risks in the eyes of U.S. officials.
The recent ban prevents Kaspersky from not only selling new software but also providing security updates to existing users after September 29. This leaves millions of endpoints vulnerable as the software becomes increasingly ineffective against evolving threats.
Uncertain Future for Existing Users
While the U.S. government won’t penalize those continuing to use Kaspersky software, they strongly advise switching to alternative solutions. Security professionals managing potentially vulnerable systems with Kaspersky software face a critical decision: replace Kaspersky entirely or find alternative mitigation strategies until a new solution can be implemented.
Fallout for Kaspersky
The U.S. ban is a significant blow to Kaspersky. While the U.S. sales only accounted for roughly 10% of their global revenue and only about 3% of antivirus users were running Kaspersky software in the country before the U.S. government banned sales in June, losing access to the U.S. market weakens their brand reputation and could potentially influence other countries to follow suit.
Kaspersky’s future remains uncertain, particularly as they grapple with the closure of their U.S. operations and the ongoing scrutiny from governments around the world. However Kaspersky told The Cyber Express:
“Kaspersky’s business remains resilient, and our key priority remains the same – to protect our customers in any country from cyberthreats. Being a global cybersecurity vendor, the company will continue investing in strategic markets and remain committed to serving its customers and partners and ensuring their protection.”
“As a global company operating in more than 200 territories and countries, Kaspersky will be able to adapt its sales pipeline and maintain its global presence by focusing on the markets where it sees the most potential for its business development,” the company told TCE.
Security professionals and network engineers should closely monitor this evolving situation and consider alternative antivirus solutions to ensure the security of their networks.
* Update July 15, 4:15 p.m.- Added Kaspersky’s statement on how much time it will take for the company to completely exit U.S.
