Virtual infrastructure breaches more costly than physical
Security incidents involving virtual infrastructure cost twice as much to recover as physical, says Kaspersky Lab
Virtual infrastructures are twice as expensive to recover after a cyber-attack compared to purely physical infrastructure, according to a survey by Kaspersky Lab.
Recovery of an security breach involving virtual infrastructure costs over $800,000 on average for an enterprise-level organisation.
The worldwide survey of 5,500 companies found that the same pattern is repeated with SMBs. An attack on an SMB's physical infrastructure costs an average of $26,000 to recover from, compared to nearly $60,000 for a breach involving virtual infrastructure.
The main reason behind the additional cost for a security breach affecting virtual environments is that the majority of businesses use virtual infrastructure for their most important operations. Sixty-two percent of companies that have already embraced virtualisation platforms, are likely to entrust them with their most critical business processes.
While an attack on physical nodes leads to the temporary loss of access to business critical information in 36% of incidents reported, this rises to 66% when a breach affects virtual servers and desktops. Attacks affecting virtual environments also more frequently require additional budget on third-party expertise. Businesses have to request help not only from IT consultants, but also lawyers, risk management experts and others.
The complexity of security measures in a virtual environment, as well as an incorrect perception of the threat landscape are two additional elements that increase the cost of recovery in the virtual environment. Kaspersky Lab's report shows that 42% of businesses believe that security risks in virtual environments are significantly lower than in ‘physical' environments. 45% of companies report that security management in virtual environments is perceived as a problem. Furthermore, only 27% of businesses have deployed a security solution, specifically designed for the virtual environment.
"Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure. However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit. Our view is that businesses should use customized, virtual-aware security solutions with centralized management and reporting. The solution should have a low impact on resources, a high detection rate and the ability to spot suspicious activity right away. We have realized that vision and our best technologies in the solution Kaspersky Security for Virtualization," commented Matvey Voytov, corporate products group manager, Kaspersky Lab.