Businesses may be paying a lot more to recover from security breaches if they're using virtual rather than conventional in-house infrastructures.
According to a study by Kaspersky Lab enterprises pay more than $800,000 on average to recover from a security breach involving virtual systems, which is twice as much compared to incidents involving only physical infrastructure.
The problem affects smaller businesses too. SMBs reported damage of more than $26,000 for an attack on their physical infrastructure. The involvement of virtual infrastructure in a security breach, however, drives the cost up to nearly $60,000.
The main reason behind the additional cost is that many businesses use virtual infrastructure for their most important operations. The survey finds 62 percent of companies use virtualization in some form. As a result, many organizations are likely to entrust virtual environments with critical business processes. While an attack on physical nodes leads to the temporary loss of access to business critical information in 36 percent of incidents reported, this rises to 66 percent when a breach affects virtual servers and desktops. Attacks affecting virtual environments also typically require additional third-party expertise to fix. Businesses have to request help not only from IT consultants, but may also involve also lawyers, risk management experts and others.
The survey found that 42 percent of businesses believe that security risks in virtual environments are significantly lower than in 'physical' ones. In addition, 45 percent of companies report that security management in virtual infrastructures is seen as a problem and yet only 27 percent of businesses have deployed a security solution specifically designed for virtual environments.
"Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure," says Matvey Voytov, Corporate Products Group Manager at Kaspersky Lab. "However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit. Our view is that businesses should use customized, virtual-aware security solutions with centralized management and reporting. The solution should have a low impact on resources, a high detection rate and the ability to spot suspicious activity right away".
The full report is available on the Kaspersky Lab site.
Photo Credit: Andy Dean Photography/Shutterstock