In Search of Prey

Printers are a vulnerable endpoint that can provide hackers with access to the corporate network

istock 588348958 bp 1

Cybercriminals are like wolves – constantly lurking, ever alert for the weakest prey. In many organizations, networked printers are at the bottom of the security feeding chain, leaving them ripe for attack.

A Spiceworks survey of IT decision makers found just 16% of respondents considered their printer to be a high security risk.1 This despite a 2016 survey from research firm Quocirca that showed 63% of businesses experienced print-related data breaches.

According to IDC, printers are a vulnerable endpoint that can provide hackers with access to the corporate network. But they are also a target because sensitive documents pass through them and are stored in memory.

The Wolf is at the door

Healthcare is a particularly alluring target for criminals because industry organizations are often sitting on huge volumes of personally identifiable information such as home addresses and social security numbers, along with financial information such as credit card and bank account numbers. Together, they provide lucrative opportunities for financial fraud.

In a healthcare setting, those vulnerabilities alone represent major compliance risks, potentially exposing digital records. Christian Slater’s portrayal of The Wolf provides eye-opening insight into how vulnerable printers could initiate a devastating domino effect of security failures leading to compromised records.

Printing and imaging devices can be easy to use, even if personnel have absolutely no technical skills. So it’s easy to forget these are sophisticated devices that include firmware, software, and networking protocols, each of which represents a potential vulnerability to cybercrime.

No such thing as low-risk connected device

Security teams may be lulled to the threat because these devices are viewed as low-risk and behind the enterprise firewall. In today’s world, though, there’s no such thing as a low-risk connected device. According to one survey, 61% of large enterprises experienced a print-related breach. Despite this threat, the Spiceworks survey found that 43% of surveyed organizations ignore printers in their end-point security practices.

As The Wolf scenario illustrates, a criminal could gain access to a healthcare organization’s entire network simply by walking up to an unsecured printer, slipping a memory stick into an unprotected USB port, and uploading malware to exploit many potential avenues from inside the firewall.

Steps to fill the gap

It doesn’t have to be this way, though. Technology is available now to ensure that printers and imaging devices don’t become a gateway for cyber crooks. Some of the basic steps that can be taken to tighten data security include:

  • Data encryption of print jobs in transit and stored in local media
  • Disabling unused USB ports
  • Authentication and access control to prevent unauthorized use and configuration.

Those are just a few steps that IT can implement. For a comprehensive look at options available to healthcare organizations, go to HP Print Security.

1 Spiceworks survey of 309 IT decision-makers in North America, EMEA, and APAC, on behalf of HP, November 2016.




Copyright © 2017 IDG Communications, Inc.