Enterprises pay more than £507,000 on average to recover from a security breach which affects the virtual infrastructure of a company; this is twice as much compared to incidents involving only physical infrastructure. This is among findings of a report on the Security of Virtual Infrastructure prepared by the IT security product firm Kaspersky Lab, based on a worldwide survey of 5500 companies conducted in cooperation with B2B International in 2015.
According to the report, SMBs experience the same pattern as enterprises. On average SMBs reported damage of more than £16,400 for an attack on their physical infrastructure. The involvement of virtual infrastructure in a security breach however, drives the cost up closer to £38,000
The main reason behind the additional cost for a security breach affecting virtual environments is that the majority of businesses use virtual infrastructure for their most important operations, the IT firm says. While an attack on physical nodes leads to the temporary loss of access to business critical information in 36 per cent of incidents reported, this rises to 66 per cent when a breach affects virtual servers and desktops. Attacks affecting virtual environments also more frequently require additional budget on third-party expertise. Businesses have to request help not only from IT consultants, but also lawyers, risk management experts and others.
The complexity of security measures in a virtual environment, as well as an incorrect perception of the threat landscape, are two additional elements that increase the cost of recovery in the virtual environment. The report shows that 42 per cent of businesses believe that security risks in virtual environments are significantly lower than in ‘physical’ environments. 45 per cent of companies report that security management in virtual environments is perceived as a problem. Furthermore, only 27 per cent of businesses have deployed a security solution specifically designed for the virtual environment, even though 62 per cent of companies that have already embraced virtualisation platforms are likely to entrust them with their most critical business processes.
Matvey Voytov, Corporate Products Group Manager, Kaspersky Lab, said: “Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure. However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit. Our view is that businesses should use customised, virtual-aware security solutions with centralised management and reporting. The solution should have a low impact on resources, a high detection rate and the ability to spot suspicious activity right away.”
