Recovering from virtual breaches is doubly expensive for businesses

Security breaches against virtual infrastructure cost more to fix than attacks affecting physical infrastructure, according to a new report from Kaspersky Lab.

This is a key finding of Kaspersky's special report into the Security of Virtual Infrastructure which was based on a survey of 5,500 companies worldwide.

Larger enterprises paid more than £507,000 on average to recover from security incidents involving virtual infrastructure, while attacks involving only physical infrastructure were about half as expensive.

For small-to-medium size businesses, the cost on average was £38,000 per incident for virtual infrastructure attacks and £16,400 for attacks on physical assets.

Kaspersky believes the reason for this disparity is that virtual networks are more commonly used for high-value, mission-critical operations, and while an attack on physical nodes leads to loss of access to critical information in 36 percent of cases, this rises to 66 percent when it involves virtual servers and desktops.

Only 27 percent of businesses have deployed a security solution specifically designed for the virtual environment, even though 62 percent of companies that have already embraced virtualisation platforms are likely to entrust them with their most critical business processes.

“Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure. However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit. Our view is that businesses should use customised, virtual-aware security solutions with centralised management and reporting. The solution should have a low impact on resources, a high detection rate and the ability to spot suspicious activity right away,” said Matvey Voytov, corporate products group manager, Kaspersky Lab.