Western sanctions against Russian cybersecurity companies collaborating with the Kremlin’s security services have not been very effective. As it turned out, these companies thrived on the withdrawal of competitors from the market, taking advantage of opportunities to obtain new contracts and hire new engineers previously working for Western brands.
Positive Technologies, one of the leaders of the Russian cybersecurity market, does not seem to have lost anything by being included on the sanctions lists: the company’s sales and political influence have grown during the year of the war.
Positive Technologies was on the sanctions list a year before the invasion, in April 2021, for cooperating with intelligence agencies, including holding hackathons that the FSB (Russian Security Service) and GRU (Military Intelligence of Russia) used to recruit hackers for their operations.
The sanctions did not embarrass the business; Positive Technologies is still pursuing its ambitious aspirations to go public.
In November 2021, Positive Technologies was added to the US Department of Commerce Bureau of Industry and Security list, which tightened restrictions for the US market and accused the company of “actions contrary to US national security interests,” specifically, of trafficking “exploits used to gain access to information systems and endangering the security of people and organizations across the globe.” This pressure came from the US during the same year’s fall.
Yet, the business was able to successfully launch an IPO on the Moscow Exchange in December of the same year.
When Russia invaded Ukraine, many in the West believed the Russian tank offensive would be accompanied by devastating cyber attacks on Ukraine’s civilian and military infrastructure. A large-scale cyber offensive did not happen, but Western cyber companies withdrew from Russia.
At that point, new opportunities opened up for Positive Technologies, which it successfully seized. There were so many new customers that already in July 2022, the company raised prices by 30%. Alla Makarova, Financial Director of Positive Technologies, said at the time that they see the outflow of foreign competitors as a positive factor: “And this result, I think, will be monetized during not only 2022: the main effect will probably occur in 2023 and 2024.
The company has also hired several high-class engineers who previously worked in Cisco’s Moscow office.
The company’s impressive financial performance is evidence of how cleverly it has filled the void left by the departure of Western companies.
The company’s political weight in Russia has also increased. Since 2013, the top managers of Positive Technologies have participated in Inforum, the industry’s main conference supported by the FSB, the Security Council, and the General Staff.
One of its main sponsors for many years has been the Chinese giant Huawei, but this year the Chinese gave up sponsoring Inforum, and Positive Technologies filled the void. The company’s executives spoke at the conference six times, including on the main panel together with Alexander Shoitov, Deputy Minister of Digital Development, Sergey Boyko, head of the Security Council’s Infosecurity Department, and Andrey Krutskikh, a special presidential representative for Internet regulation.
Positive Technologies’ success story in the military year 2022 is far from unique: overall, the Russian cybersecurity industry grew 10-20% last year.
And that poses a serious challenge.
Unlike automobile and tank manufacturers, Russian programmers and cybersecurity specialists are world-class professionals. Russia is not known for its hackers by accident.
The industry is now caught between Western sanctions blocking its access to global markets and extensive state support provided by the Kremlin – including through contracts from the military-industrial complex and special services. It cannot be said that this is a real choice.
The chance to tear Russian software companies away from military and special services contracts is gone, but there is still a chance to keep some number of IT engineers from directly participating in the build-up of Russian cyber capabilities.
But this opportunity is becoming more elusive by the day, as more and more Russian IT specialists who fled mobilization return to Russia after months of wandering, undocumented, and without prospects. Realizing this perfectly well, the Russian authorities are trying to lure them back by promising them a war exemption and benefits.
The Kremlin, as it turns out, has a deliberate strategy for the use of Russian programmers for its purposes. The question is, does the West have such a strategy?