An interesting story yesterday in the Wall Street Journal brings up the subject of business reputation in any business, but in this case a cyber security business. The article tells how Kaspersky has decided to move parts of its operations to Switzerland to fend off government decisions to not use their software. That reluctance seem to come from the belief that the Russian government used Kapersky software to identify classified tools used by an NSA contractor and subsequently stole them.
There are a few things that come up in cyber that can damage a business reputation forever and one of them is a widespread belief that the software or hardware made by a company has government sanctioned backdoors or extracts information for intelligence purposes. From studies done at the University of Toronto, we know of several Chinese browsers that to the latter, extracting things that would never be needed by the vendors of that software but would be useful to identify a unique individual - things like the hard drive serial number or networks in range of a device, for example.
Governments always want help with intelligence collection and they sometimes asked for that help from contractors. The Chinese don’t ask. The contractor has two considerations here, profit and reputation. If they come up with a method to extract intelligence and it is not exposed, they can make a lot of money. It is the “not exposed” part that can be trouble. Exposing these methods can damage a reputation for a device or a whole business. Not even Chinese businesses want to be caught, because as the Kaspersky case shows, there is very little that can be done to reestablish a reputation. An old security poster said it this way: A reputation of 1000 years can be undone in a few minutes.
ZTE and Huawai are both on the list of companies with bad reputations and we have next to nothing about why those reputations are as they are. It has cost them millions of dollars and they have tried many public moves to get it back. That was largely to no avail. For us, the problem is the intelligence that tells us why is classified and has not been released, downgraded or sanitized so it can be discussed in public. The Chinese know why and so do the governments involved outside of China. Kaspersky and the Russians know why too, with greater accuracy and detail than any of us will ever know. These are secrets worth keeping, and in most of these cases, they were kept well.
So, do we think Kaspersky will be helped by moving to Switzerland to get away from its Russian connection? Not likely.
No comments:
Post a Comment