Virtualization can double breach recovery costs
Connecting state and local government leaders
According to a recent survey by Kaspersky Lab, the average cost of breaches involving virtual infrastructure can be double those that occur in a traditional environment.
While many government agencies are turning to virtualization to lower costs, these savings could disappear with a single security breach.
Enterprises pay an average of more than $800,000 to recover from a cybersecurity breach involving virtual infrastructure, , according to a recent survey by Kaspersky Lab -- an amount that is twice as much recovery from physical infrastructure security breaches. The number is even higher – closer to $1 million – when indirect costs such as staff training to prevent future attacks are included.
There are a few causes for the cost difference. First is that organizations tend to use virtual infrastructure for their most mission-critical or sensitive data. That means an attack on the virtual infrastructure is much more likely to result in the temporary loss of important data and an inability to operate core services, the report said.
While 36 percent of physical security breaches lead to a temporary loss of access to business-critical information, that number jumps to 66 percent when the breach affects virtual servers and desktops, the survey found. And with 77 percent of enterprises surveyed using virtualization in some form, the exposure to expensive breaches is substantial.
The second reason involves a lack of understanding about the risks in a virtual environment. According to Kaspersky, many organizations erroneously believe a virtual infrastructure is safer than a physical one (42 percent). Only slightly more than half are fully prepared to deal with a virtual breach, or fully understand the risks. And just 27 percent have installed a security solution for specifically for their virtual operations.
Finally, remediation costs escalate because addressing virtual attacks frequently require third parties, such as IT consultants, lawyers and risk management experts.
“Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure,” said Matvey Voytov, Kaspersky Lab's corporate products group manager. "However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit."