Transparency, trust, and security: cybersecurity in turmoil

Our customers’ safety is a priority

For 25 years, our company has been working to protect our customers around the world from all cyber threats, whatever their origin. Our company has always had a reputation as one of the best in the industry: state-of-the-art technology, renowned experts, and a human approach that is highly valued by our customers and partners. Since 1997, we have been on a mission to build a safer world and protect both individuals and public or private organisations. To achieve this mission, we are guided by several principles: continuous innovation to provide cutting-edge solutions; monitoring and intelligence on cyber threats to continually understand what we are fighting against; and awareness raising, training, and support. We are also very committed to the future of cybersecurity and are involved in issues of general interest such as diversity in the digital professions or the fight against cyber violence or cyberbullying.

As regards our solutions, the security and reliability of Kaspersky’s technical and organisational procedures and data services have been confirmed by external audits carried out by independent and recognised organisations. Kaspersky has successfully passed the Type 1 SOC-2 audit conducted by one of the world’s four largest auditing firms. The audit confirmed that the development and distribution of Kaspersky’s threat detection rule bases (antivirus databases) are protected from unauthorised modification by robust security measures.

In terms of contributing to international efforts to combat cybercrime and cyber espionage, our Global Research and Analysis Team (GReAT) is now a reference point in the entire cybersecurity ecosystem. Based around the world, these researchers of all nationalities work independently, in particular to draft numerous reports on some of the world’s most sophisticated cybercriminal groups. Since the start of the war in Ukraine, some of our researchers have been mobilised to analyse and understand parallel movements in cyberspace, to continually assess the potential threats. In addition, Kaspersky’s researchers have published more than 17 reports on attacks using the Russian language in their code. This is more than the majority of cybersecurity players. For instance, our researchers monitor groups such as Turla, BlackEnergy, Sofacy, CloudAtlas, DeathStalker, CactusPete, Emotet, and Ryuk.

Pioneers in transparency and quality requirements

Kaspersky is a global company, operating in around 200 countries, with 34 offices and generating over 80% of its revenue outside Russia. The holding company is registered in the UK, but each entity operates financially and legally independently. And since 2018 the data of our European customers is processed and stored in our Zurich data centres. Being a global company also means that our servers are spread across the world (including Switzerland, Germany, China, and Canada), which allows for faster processing of information and ensures server availability at all times. An instance of the TIP (threat intelligence portal) is also hosted in Switzerland, which ensures continuous accessibility to all the services made available to customers via this portal (sandbox engines, APT reporting, etc.).

Through our industry-leading transparency initiative, Kaspersky has built trust and accountability in cybersecurity by taking clear actions to our customers and partners to provide greater security assurance in our solutions. Transparency centres have been opened around the world, where the source code and updates of our main solutions are available for auditing. We also make available the Software Bill of Materials (SBOM, i.e. the document that describes the elements composing a software program) of our products.

We are convinced that international cooperation and transparency are our best chances to fight cybercrime.

A committed player in the international cybersecurity ecosystem

Kaspersky is committed to contributing to the cybersecurity ecosystem, both globally and locally. Thus, our company is very active in France. For example, since 2017 we have been a member of the national victim assistance system Cybermalveillance.gouv.fr. We are a signatory of the Paris Call for Trust and Security in Cyberspace, launched in 2018 by the President of the French Republic Emmanuel Macron. In addition, in 2021, the Ministry of Foreign Affairs has entrusted us and Cigref with the co-steering of Working Group #6, which aims to provide concrete tools to the supporters of the Paris Call in terms of digital supply chain security. We are also partners of the French CEFCYS (Circle of Women in Cybersecurity) and regularly collaborate with law enforcement and government organisations involved in the fight against cybercrime.

In Europe, we cooperate with many national and regional bodies. These include, for example, the European Union Agency for Cybersecurity (ENISA), where a security researcher from Kaspersky’s GReAT is an elected member of the ad hoc working group on the EU cyber threat landscape. We maintain close cooperation with Europol’s EC3 unit, where Kaspersky is a member of the Internet Security Advisory Board. Together with Europol, the Dutch police and McAfee, Kaspersky also launched the No More Ransom initiative, which more than 50 organisations have since joined to combat ransomware. In 2021, Kaspersky contributed to the OECD reports on digital security and vulnerability management.

War is a tragedy that has already caused innocent people to suffer and has had repercussions in our hyperconnected world. The global cybersecurity ecosystem—which was built on trust and cooperation to protect the digital links that connect us to each other—is now also affected by this conflict. We are convinced that building a safer world is a joint effort and must be based on trust, dialogue, expertise, and transparency. In this sense, Kaspersky will always continue to do what it does best: ensuring everyone’s cybersecurity.