Ignorance of Cyber Vulnerability Is No Excuse

A lack of oversight leaves organizations wide open to compliance violations and the exposure of consumer information.

istock 479801118 5

Network printers today are pretty reliable. As long as they’re working, nobody pays much attention. But those low-maintenance devices may be a source of vulnerability to cyber assaults, and a compliance headache in the making. Ignorance may be bliss, but try telling that to at-risk customers or inquisitive regulators.

Worldwide spending on security products and services is projected to total $86.4 billion in 2017. Yet many organizations don’t include networked printers in their security scope. According to a Ponemon Institute report, “Only 44 percent of respondents say their organizations’ security policy includes the security of network-connected printers.”

The report continues: “Only 34 percent of respondents say their organization has a process for restricting access to high-risk printers, including printed hardcopy documents. As a consequence, an average of 44 percent of network-connected printers within their organizations are insecure in terms of unauthorized access to data stored in printer memory and an average of 55 percent are insecure in terms of unauthorized access to printed hardcopy documents.”

This lack of oversight leaves organizations wide open to compliance violations and the exposure of consumer information and intellectual property. It also exposes network assets to a broad array of cyber-attacks. Many printers and multifunction printers (MFPs) employed in business incorporate sophisticated processors, electronic storage, and internet connectivity, all of which provide opportunities to hackers and disgruntled employees.

“MFPs are prevalent across businesses of all sizes and as such they are a critical network endpoint that must also be secured,” states research and analysis firm Quocirca. “Even behind a firewall, an MFP can be a front door to the network leading to the potential for compromising corporate or customer data.”

Criminals also utilize an array of technology tools to continuously probe for security gaps. “Cyber criminals are also getting more sophisticated, have more funding and are a danger to all endpoints – especially the network printer that is a common entry point for malware and other attacks and can result in compromising sensitive data,” writes IT World Canada.

Adds this IT Pro report: “Once the printer itself is compromised, everything going through it will be too. Even if a job was sent to the printer in a secure fashion, it will be unencrypted and any password protection negated as the user logs in. Also, if a user employs the same password for their general network login as they do for accessing a printer to run jobs, copy, or scan, then that security information could be captured by the malware infection and passed outside for criminal usage elsewhere on the network.”

Fortunately, organizations can take immediate steps, ranging from tightening up security policies to implementing best practices. Furthermore, enterprise printers from HP utilize sophisticated technologies that make printers active parts of the security defense, including continuous monitoring and intrusion detection. When malware is detected, these systems can automatically reboot to prevent the execution of malware and self-heal the internal BIOS by reloading an authentic HP copy of the BIOS code.

For more information on pinpointing and blocking vulnerabilities, go to HP Printer Security.


Copyright © 2017 IDG Communications, Inc.