Long simmering suspicions about the loyalty of Kaspersky Software, a cybersecurity firm headquartered in Russia, came to a head this week after the U.S. government banned the sale of the company’s software, effective July 20th, to both companies and individual consumers.

In addition, the U.S. Treasury Department has placed sanctions on 12 senior leaders of Kaspersky with the notable exception of company CEO Eugene Kaspersky.

The measures are being imposed under a 2021 executive order that allows sanctions in response to direct threats to U.S. national security emanating from Russia that the U.S. Department of Commerce declared earlier this week.

It’s not clear how widely used Kaspersky software is in the United States. Given Russian laws that require companies headquartered in that country to provide government officials with access to data, many organizations either declined to purchase Kaspersky cybersecurity software in the first place or quietly replaced it.

Kaspersky has long denied any collusion with the Russian government, a stance it reiterated this week. It’s not clear to what degree other countries might follow suit or whether the Russian government might similarly ban sales of cybersecurity products and services from companies headquartered in the U.S.

Mitch Ashley, principal analysts for Techstrong Research, said it’s an escalating situation. Governments around the world now need to view cybersecurity as an extension of their national security, he added. As such, they need to give national leaders the authority to act on these concerns in a more forthright manner versus relying on a change to a set of rules defined by the U.S. Department of Commerce.

Concerns over the allegiances of companies run by executives that are citizens of a particular country have been long-standing. In the case of Kaspersky Software, those concerns were first raised in 2017. Many organizations, for example, will also similarly not acquire IT infrastructure from Huawei because of concerns that data might eventually finds its way into the hands of Chinese government officials. Additionally, there are concerns that in the event of hostilities, that infrastructure could be easily compromised.

In the wake of the war in Ukraine and a formal alliance formed between Russia and North Korea signed earlier this week, those same suspicions are now being aimed at any entity that does business in Russia. Conversely, many businesses have ceased operations in Russia – in part out of concerns that any IT presence in Russia would have cybersecurity implications for business units that might be connected to those systems.

Regardless of the outcome, cybersecurity teams will now have to factor geopolitical conflicts into their strategies as it becomes apparent that IT environments are just another potential target every time there is a conflict in almost any part of the world. The challenge, of course, is there is no shortage of conflicts that can escalate in ways that many business and IT leaders may not always anticipate.