Companies in the non-profit/charitable and education sectors rated virtualization security as their lowest IT security priority, according to a Kaspersky Lab survey of more than 3,900 IT professionals worldwide, These rankings of virtualization security were the lowest recorded across all business sectors. The survey data suggests that both sectors had different factors influencing this indifference to virtualization security, and also shows which IT security factors are seen as top priorities.
The non-profit/charitable sector reported the lowest rate of virtualization adoption across all sectors of Kaspersky Lab’s survey. Only 42 per cent of charities and non-profits thought virtualization was becoming a core part of their IT infrastructure, compared to a global average of 52 per cent. Given this low rate of adoption, it was not surprising to find that both charities and non-profits also reported the lowest security prioritisation of their virtual infrastructure. Only ten per cent of charities and non-profits said securing their virtual infrastructure was one of their top three IT security priorities for the coming year. Charities and non-profits only ranked one IT area lower than virtualization – physical security of their business systems, at eight per cent – and assigned the highest prioritisation to continuity of service (37 per cent), identity and access management (31 per cent), and security of mobile devices (30 per cent).
The education sector shared a similar attitude to the importance of securing virtual infrastructure, with only ten per cent stating virtualization as a top three concern. However, the sector did report a higher than average usage of virtualization, with 54 per cent reporting virtual environments as a core part of their IT infrastructure, a rate that was 12 per cent higher than its charity counterparts. Despite their relatively high rate of virtualization usage, IT managers at education facilities said their top security priorities are preventing data leaks (29 per cent), continuity of service (28 per cent), and providing information security training to employees (28 per cent). Interestingly, educators placed security training for employees as a higher priority than any other business sector in the survey.
The non-profit and education sectors provide an interesting comparison when evaluating attitudes and usage towards IT resources, particularly virtualization. Both sectors typically receive some degree of government or public funding, and their IT departments often suffer from budget restrictions. At its core, virtualization is about doing more with less by maximising existing resources rather than making costly hardware investments. With this mentality, it would seem charities and schools could stand to benefit the most from virtualized IT infrastructures.
In addition to budget constraints, the Non-Profit/Charity and Education sectors also rely on their IT security measures to protect huge amounts of personal data they store, making any under-equipped IT departments particularly vulnerable to data theft. Charities in particular rely heavily on donations, so maintaining their reputation for securely managing the personal and financial information of their donors is paramount.
According to Kaspersky Lab’s survey, 63 per cent of non-profits and charities said damage to their reputation would be the worst potential consequence of a data breach. When asked what type of data they most feared losing, 41 per cent of non-profits and charities cited their client and donor information, a rate that was far higher than any other business sector.
Educators placed similar importance on their reputation, ranking damaged reputation as their second most feared consequence of a data breach, with 44 per cent of respondents citing this outcome. This consequence was only slightly behind their top concern of losing access to critical information, cited by 48 per cent of respondents. Educators also agreed that their client information – in this case, the information of students and faculty – is the data they most fear losing, cited by 21 per cent of respondents.
However, a lack of awareness and understanding of virtualization security is hardly unique to these sectors. Kaspersky Lab has previously reported that a large portion of IT professionals lack a strong understanding of virtualization security. The survey found at least one-quarter of all IT professionals had “no understanding” or “a weak understanding” of their virtualisation security options.
“Given their budget constraints and sensitivities to data breaches, the cost of an IT security incident would be particularly painful to these education and non-profit organisations. This is what makes the low consideration given to virtualization security particularly troubling. Virtual IT networks can produce huge cost-savings for resource-strapped organisations, but could also create a window for cyber threats if not properly secured. As more schools, charities and non-profits slowly begin implementing virtual IT resources, we hope their prioritisation of virtual security will also rise from its present low rates” comments David Emm, Principal Security Researcher, Kaspersky Lab.
Information about Kaspersky Security for Virtualization, as well as a number of resources to help explain different styles of virtualization security, can be found in Kaspersky Lab’s business center. More data around business trends and usage of virtualization and virtualization security identified by Kaspersky Lab’s global survey can be found in Kaspersky Lab’s 2014 IT Security Risks for Virtualization summary report
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.co.uk.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.