View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 4, 2017

Barclays Bank removes Kaspersky software after Government warning

Following the NCSC advice, will the UK follow suit of the US and ban Kaspersky software?

By April Slattery

Barclays bank has followed suit of the US and stopped offering Kaspersky security software after an official warning from the National Cyber Security Centre.

Emailing a total of 290,000 online banking customers the bank said the action was a ‘precautionary measure’ on the grounds that Kaspersky’s software could have connections to the Russian Government, posing security risks to firms.

Within the email the bank outlined its advice to remove any Russian products from highly sensitive systems, classified as secret or above, and Barclays removed the option for customers to obtain free Kaspersky software, but advised those with the software already that they did not need to take any action.

Following security threats and concerns over Kaspersky’s products, the NCSC has offered advice against the use of Kaspersky’s products from Government departments in a bid to prevent the transfer of UK data to the Russian state.

The NCSC has concerns around Kaspersky Lab having a connection with Russian Intelligence and worries Russian bodies could get hold of sensitive information that could either be exploited or used against companies.

The NCSC issued a warning to the British Government and government organisations not to use the software, telling them Kaspersky’s software could be exploited by Kremlin.

Content from our partners
Incumbent banks must transform at speed, or miss the benefits of open banking
Leverage cloud and expertise to optimise engagements from onboarding to conclusion
How enterprises can best prepare for finance digitalisation

“In the national security space, there are some obvious risks around foreign ownership. It is therefore obvious why this matters in terms of national security.  We need to be vigilant to the risk that an AV product under the control of a hostile actor could extract sensitive data from that network, or indeed cause damage to the network itself,” said Ciaran Martin, CEO the NCSC, said.

After growing concerns Kaspersky Lab has connections with Russian Intelligence, seen as a major threat to Government organisations and bodies, it has been advised not to continue using the software and is no longer being offered by companies who have a history of offering it to customers.

Barclays Bank Kaspersky LabThe NCSC has been in talks with Kaspersky Lab hoping to develop an alternative framework. In this development the NCSC wants the ability to verify the software and its safety, giving the Government promise about the security with the wider market.

A document from NCSC said: “In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used.”

Such allegations have been somewhat damaging for Kaspersky already after the security company’s anti-virus software was banned from U.S. government networks in September this year over concerns Kaspersky Lab has close connections to Russian Intelligence and its software could be used to allow spying.

“We are concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian Networks,” the Department of Homeland Security (DHS) in the US said.

Ahead of the NCSC’s document against the anti-virus software in the US the DHS said: “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security.”

Following allegations Kaspersky could have connections with Russian Intelligence agencies, Kaspersky’s CEO, Eugene Kaspersky, has denied these cases and any involvement or connection through the software stating that any connection with Russian Intelligence would “kill the business”.

After the NCSC document was published this weekend and Barclays withdrawing offering the software Eugene Kaspersky tweeted:

During a time that is already politically tense between the US and Russia, allegations over Kaspersky’s software further issues on both sides. Concerns and tension have spread across to the UK, as Barclays remove software offerings for customers and the NCSC offers a recommendation in light of concerns.

– US Government removes Kaspersky software
How the CEO reacts
Uber added to the long list of cyber attacks

Martin said: “The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft.  This includes espionage, disruption, and influence operations.  Russia has the intent to target UK central Government and the UK’s critical national infrastructure. “

Regarding the UK the NCSC continues to aim for a solution to the problem to bring a better more secure framework to Government bodies in a bid to better protect organisations, especially following the series of cyber-attacks across organisations and businesses such as the extensive malware overhaul of WannaCry against the NHS, Uber’s data breach along with the likes of Yahoo! and Equifax.

NCSC said: “Conclude: We will be transparent about the outcome of those discussions with Kaspersky Lab and we will adjust our guidance if necessary in the light of any conclusions.”

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU