Russian anti-virus vendor Kaspersky Lab’s campaign to counter the damage to its reputation and its revenues inflicted by the US and other governments in recent months rolled into Sydney this week, with the company holding a press lunch to flesh out details of its recently announced plans to open a ‘transparency centre’ in Switzerland.
The company also revealed details of collaboration with Swinburne University of Technology along with its plans to open a Sydney office.
Kaspersky announced in May that it would move core infrastructure from Russia to Switzerland, and that, by the end of 2019, data from customers in Europe, North America, Japan, Singapore, Australia and South Korea would be stored and processed in Zurich. The new transparency centre will be the first of several the company plans to open around the world.
The move followed the US Department of Homeland Security, in September 2017, ordering civilian government agencies to remove Kaspersky software from their networks within 90 days, citing concerns that the software could enable Russian espionage and threaten national security.
US retail giant Bestbuy followed the government’s lead by removing Kaspersky software from its online and retail stores. Kaspersky launched a legal challenge — still in progress — to the US government’s actions.
Stephan Neumeier managing director, Kaspersky Lab, APAC, said that as result of the ban, Kaspersky’s business in the US was now “in terminal decline,” but the company was doing well elsewhere.
“In Europe we are experiencing double digit growth and in all the emerging markets — Latin America, Middle East, Arica, Asia we are achieving double digit growth.
“Enterprise in Asia Pacific is growing 30 percent. Our consumer business is growing 25 percent. In SMB we are struggling a bit but that has more to do with our go to market strategy. We need to change distributors.”
Neumeier blamed the US government ban not on genuine fears about subservience to the Russian government but on Kaspersky’s practice of ‘outing’ cyber threat actors whether private or state affiliated.
“We fight cybercrime. We neutralise malware wherever we find it, and we don’t care wether it was developed by a cybercriminal or whether it was developed by a state-sponsored actor. That is one of the main reasons we got banned from government business in the US.”
Neumeier said the transparency centre would “provide full visibility to our customers about our products: the way they work, the data we collect from our customers, what we do with this data, how the updates work, when the updates are coming.”
And, he said, “customers can also have visibility into our source code, which is important for most of our customers.” However with some 3 million lines of code, it is debateable whether any inspection would be able to detect any ‘back doors’ in the software.
Anton Shingarev, vice-president for public affairs, Kaspersky Lab, said the company was looking to create a consortium of universities to undertake this mammoth task.
“It is pretty impossible for one company to check,” he said. “I have had a lot of meetings with companies that do source code reviews and they have said ‘sorry we are not ready to do that; it is going to take us a couple of years. So we came up with the idea of a consortium of universities who develop a framework to check the source code.”
He said the checks and practices to be implemented in the centre were all aimed at reducing risk, reassuring governments and customers that Kaspersky software was secure and had not been compromised.
“There is no silver bullet. The reasoning of the regulators is risk based. You can reduce risk by having independent audit by someone like Pricewaterhouse, Deloitte or KPMG. They can check how the source code is developed, they can check our engineering practices: how we write source code, who has the rights. That will reduce the risk a little bit. Relocating the source code to Switzerland will reduce the risk as well.”
He said Switzerland had been chosen as the location of the first centre partly on the strength of its data protection laws. “Switzerland’s data protection laws are some of the strongest in the world. It is pretty well impossible to get a warrant from law enforcement to get access to data.”
Neumeier predicted that Kaspersky’s competitors would follow its lead. “We already have so much demand from governments to gain access and have visibility. We had not choice. We had to do this. We believe this will be a paradigm shift.”
“Other large cyber-security companies have said no, but we believe these will be standard in the future. “We believe [such centres] will be standard in the future.”
MoU with Swinburne to boost cyber security skills
Kaspersky has signed a memorandum of understanding with Swinburne University of Technology that it says will “support cybersecurity education and bridge the country’s skill gap.
The company said the focus would be on enhancing cybersecurity education in the school curriculum, allowing Swinburne to benefit from a “Train-the-Trainer” programme that promotes regular exchange of information such as industry insights and best practices.
“Students will also be able to obtain the latest knowledge, skills and experience that will be beneficial to their careers after graduation.”
An Australian government report in 2017 estimated that Australia would need another 11,000 cyber security specialists over the next decade.
Kaspersky said its research showed that one third of organisations placed improving their in-house security expertise among the top three priorities of their IT security investment.
Kaspersky ANZ general manager Margrith Appleby said the current skills shortage was in part due to a lack of defined career paths. “We believe our partnership with [Swinburne University of Technology] within their respective faculties in software, engineering, science and technology, will ensure the development in training and educational content for a new future of cybersecurity experts in Australia.”
Kaspersky said the university would also benefit from the expertise of Kaspersky’s Global Research and Analysis Team (GReAT), which will “facilitate with the faculties and lecturers in guest speaking sessions and provide greater insights in cybersecurity.”
Kaspersky has signed similar MoUs with Singapore Institute of Technology, Singapore University of Technology and Design and Temasek Polytechnic.
Sydney office coming in 2019
Neumeier said Kaspersky had about 20 people in its main Australian office in Melbourne and two in Sydney but planned to open a new office in Sydney during 2019. “We will balance our presence between Melbourne and Sydney, which I think is the right thing to do.”