Companies Should Examine Supply Chain for Risk From Potential Kaspersky Sanctions, Law Firm Says
With the administration considering sanctions on Kaspersky Labs, companies should be assessing not only their own use of the Russia-based software vendor’s cybersecurity offerings, but also use by their vendors and suppliers of Kaspersky’s products, law firm Crowell said on April 6.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
“Companies should first consider whether they use any of Kaspersky’s cybersecurity offerings, from antivirus and endpoint protection offerings; to cloud security; to professional services such as Kaspersky’s security awareness training, security architecture design, or vulnerability and patch management programs,” Crowell said. “Because Kaspersky’s software is often packaged with or renamed by other computer security products and services, this could require additional time and resources.”
“Companies may also wish to examine whether their vendors and suppliers use Kaspersky’s products, as sanctions can and often do come with unanticipated supply chain issues,” the law firm said.
The administration as of last week remained divided on whether to sanction Kaspersky, with the Treasury Department preparing a sanctions package based on instructions from the White House, but other administration officials concerned that any sanctions could increase the likelihood of a cyberattack potentially using the software, The Wall Street Journal reported March 30. The FCC in late March also added Kaspersky to its list of telecommunications companies considered a security risk.