Insecure politics: How Kaspersky’s departure from Europe will turn out

Eugene Kaspersky’s company risks losing not only money but also access to the data needed to develop new products along with European customers. And Europe may be left without the main obstacle in the way of Russian-speaking cybercriminals

I often tell my colleagues: it does not matter how high you climb, but how long you can stay there. The story with Kaspersky Lab, which announced it was forced to suspend cooperation with European law enforcement agencies, including Europol (against the backdrop of the European Parliament’s decision to pass a resolution to strengthen cyber defenses against Russia, China and North Korea), is just about that.

Entering the European market has always been a difficult task for a company domiciled in Moscow. At present, companies operating in the European Union are undergoing another test of their positions, primarily due to the aggravated political relations between Europe and Russia. Undoubtedly, the U.S. has its own influence on the ongoing processes. Does this mean that it’s time to wind up? No.

What does Kaspersky Lab have to lose?

If an ordinary company leaves the market, it loses money. If a company that specializes in cyber security leaves the market, it loses data and money. Today’s level of information security technology requires constant training of their systems (both machine and manual). Let me explain in simpler terms: systems receive data as a result of the work of the computer security team on incident response (incident response is when, say, a bank was hacked, software specialists arrived and figured out how technically the attack occurred), and as a result of constant research into the methods, tools and technologies used by cybercrime in each particular region (this is threat Intelligence, that is cyber reconnaissance). In addition, the data providers are the very products for early warning of attacks, allowing the detection of all forms of malicious code that are “knocking” on local companies’ networks (this is the Threat Detection System class of products, for example). All of these data sources enrich the vendor’s products and make them stronger against cyber threats in any country or continent.

Hackers, for the most part, are focused on money: in different countries, they will seek to attack the infrastructure and the companies that have that money. Only by examining the profile of the attacker in each country can we fight cybercrime globally. This is the specific nature of vendors’ work in the field of “infobase”. When you lose the market, you lose knowledge, and you become technologically weaker. It is important to understand this.

And it’s not just the product that suffers. The business that defended itself for years with this product suffers, and now has to look for a replacement: this means restructuring processes, technological strategy, resource support. And again, losses.

I think in the long run, Kaspersky Lab will be able to make up for the money loss caused by leaving the European market at the expense of customers in Latin America and Asia. But we cannot leave Europe for other non-financial reasons. First, Europe is one of the most highly developed markets. The law enforcement system here is one of the few examples of effective computer crime investigations around the world. Europe has important organizations in the field of combating cybercrime: the Council of Europe, the OSCE and, of course, Europol.

There is a famous saying: “The way you meet defeat determines your success” (it belongs to singer David Fegherty). In my opinion, even if a company receives an unfriendly signal from the government, this is not a reason to pack up. Let me repeat: leaving means a global loss, first and foremost, of the analytical capabilities needed to provide protection to customers in other countries. Given that Europe is home to a number of global critical infrastructure facilities, breaking relations with it would deprive Eugene Kaspersky of the ability to study threats and develop global innovative technologies to combat cybercrime and cyber espionage.

What does Europe have to lose?

It would be a mistake to believe that by issuing a “note of no confidence” to a company such as Kaspersky Lab, the European market, while protecting its political interests, will not lose economically. Europe actually has no global players in the information security market with an international analytics network. Neither Avast (Czech Republic), nor ESET (Slovakia), nor Sophos (UK), nor other companies can be called leaders in international threat analysis, cyber intelligence and, most importantly, global analytics yet. This is first of all.

Second, all major cybercrimes in Europe are most often committed by Russian-speaking hacker groups (not Russian-speaking, but Russian-speaking – this is an important distinction). According to Europol’s official statistics, 15 out of 18 information security cases it deals with are related to Russian-language cybercrime. For example, they created all the new Android Trojans, the damage from which is steadily growing (according to our data, the growth in Russia alone was 136% at the end of 2017). At the same time, not a single European company has a major think tank dedicated to the study and analysis of information security incidents in the former Soviet states. By acting against global players with Russian roots, in the long run Europe is reducing its own level of information security.

In my opinion, the most adequate solution in this situation would be to introduce the tactics of echelon defense at the state level. When several vendors’ products and technologies are used in the same infrastructure (simply put, they “stand” behind each other and analyze mirrored traffic). Then no “vote of no confidence” will affect the level of information security in the organization as a whole. To put it even more simply, technologies will verify and cross-check each other, the level of threat detection will increase, thus minimizing the risk of data leakage or realization of any other risks, and the market itself will remain protected both from cyber threats and from the consequences of momentary political decisions. Cybersecurity issues should be out of politics. And that’s the only way.

Is there a way out? I think Kaspersky Lab itself is unlikely to remedy the situation in the near future. The company chose this path and it is its right. But this step by no means means means that the door is closed to other Russian players, both those aspiring to the European market and those already working in it.