Virtualization can double breach recovery costs

Virtualization can double breach recovery costs

While many government agencies are turning to virtualization to lower costs, these savings could disappear with a single security breach.

Enterprises pay an average of more than $800,000 to recover from a cybersecurity breach involving virtual infrastructure, , according to a recent survey by Kaspersky Lab -- an amount that is twice as much recovery from physical infrastructure security breaches.  The number is even higher – closer to $1 million – when indirect costs such as staff training to prevent future attacks are included.

There are a few causes for the cost difference. First is that organizations tend to use virtual infrastructure for their most mission-critical or sensitive data.  That means an attack on the virtual infrastructure is much more likely to result in the temporary loss of important data and an inability to operate core services, the report said.

While 36 percent of physical security breaches lead to a temporary loss of access to business-critical information, that number jumps to 66 percent when the breach affects virtual servers and desktops, the survey found. And with 77 percent of enterprises surveyed using virtualization in some form, the exposure to expensive breaches is substantial.

The second reason involves a lack of understanding about the risks in a virtual environment. According to Kaspersky, many organizations erroneously believe a virtual infrastructure is safer than a physical one (42 percent). Only slightly more than half are fully prepared to deal with a virtual breach, or fully understand the risks. And just 27 percent have installed a security solution for specifically for their virtual operations.

Finally, remediation costs escalate because addressing virtual attacks frequently require third parties, such as IT consultants, lawyers and risk management experts.

“Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure,” said Matvey Voytov, Kaspersky Lab's corporate products group manager. "However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit."

About the Author

Kathleen Hickey is a freelance writer for GCN.

inside gcn

  • cloud services (jijomathaidesigners/Shutterstock.com)

    AWS GovCloud gets more enterprise services

Reader Comments

Sun, Oct 4, 2015

If you don't understand virtualization, why are you reading an article that is targeted for readers that do? Try researching and learning about a topic before complaining that you don't know it.

Tue, Sep 29, 2015

Am I the only one to whom this article makes no sense? "...organizations tend to use virtual infrastructure for their most mission-critical or sensitive data." "...virtual attacks frequently require third parties, such as IT consultants, lawyers and risk management experts." Huh?

Tue, Sep 29, 2015

That is the point of Virtualization, to give you a reason to pay for more Windows licenses. That is why VMware discovered Virtualization.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group