Back to top

More firms must reconsider using Kaspersky products, NCSC warns

The National Cyber Security Centre (NCSC) has issued new guidelines warning against using technology from Russian vendors, saying it is time for organisations to reconsider using anti-virus (AV) products offered by Kaspersky.

The agency said it has received several enquiries from consumers about using AV products from the Russia-based cyber security firm. 

However, it added that customers using Kaspersky’s AV software on their private IT equipment are unlikely to be targeted by Russian threat actors and can continue using the products and services.

Five years ago, the NCSC warned public sector organisations against using Russian products, like Kaspersky’s AV, alongside ensuring software is kept updated while network configurations and credentials are managed correctly.

“We still think this advice is correct but, given the conflict in Ukraine, the context has changed considerably,” said Ian Levy, NCSC’s technical director.

Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war, Levy said. 

“We also have hacktivists on each side, further complicating matters, so the overall risk has materially changed,” he added. 

Levy said the NCSC has no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests. However, the absence of evidence is not evidence of absence, he warns. 

The guidance comes a few days after the Federal Communications Commission (FCC) had officially declared Kaspersky as a threat to US national security.