What Retailers Need to Know: Every Dog Has Its Master

As HP’s film “The Fixer” points out, when hackers attack, you should be prepared to bite back. The key is to take printer security as seriously as any other retail security component.

istock 688005764 hp bp 1

You may have seen Christian Slater’s portrayal of The Wolf, a hacker who demonstrates how he and others could gain access to an organization’s entire network simply by uploading malware from an unsecured printer. You certainly won’t want to miss actor Jonathan Banks in the appropriately titled YouTube video, The Fixer, as the guy the victims call to make their offices secure to prevent misuse and attacks on printers and similar devices.   

U.S. retailers continually deal with the impact of shoplifting, employee theft, and vendor fraud, along with administrative and paperwork errors. Combined, these added up to $48.9 billion of “inventory shrinkage” in 2016, according to the National Retail Federation’s 2017 National Retail Security Survey.

A large retailer could be spending millions of dollars on cyber security and in-store surveillance systems and still leave gaping holes for insiders and outsiders to exploit, such as unattended printers. Across all industries, printers and imaging devices are often security blind spots that are open to exploitation. That could entail copying coupons for misuse, printing false price labels, or stealing customer data. It might also open the doors to cyber thieves.

Many companies overlook the risk of printer misuse. A 2016 survey from research firm Quocirca reveals that just 22% place a high priority on securing their print infrastructure, with retailers lagging behind financial and professional services companies. Meanwhile, the NRF survey also reports that loss prevention budgets are flat or declining for 64% of those surveyed—on the technology front, 76% are using point-of-sale (POS) data mining, down 6% from the previous year, although use of remote IP CCTV monitoring increased by 12% to 73%.

Retail companies are particularly prone to cyber thieves, who know they are ripe with credit card account numbers and other personally identifiable information that can be sold on the dark web for use in fraudulent transactions. Despite the ongoing migration to more secure chip-based EMV cards, the 2016 Trustwave Global Security Report found that retail accounted for the largest industry share of cyber incidents it investigated—23% of the total. Too often, the network becomes a criminal gateway to aging, legacy POS systems that may be harvested for payment card and personally identifiable information.

Broad array of threats

Retail companies large and small face challenges from a particularly broad array of threats, from simple to highly sophisticated. Crooks may enter through digital back doors, or physically stroll through the front door, all constantly on the alert for security gaps and the easiest way to commit a crime. Retailers can also be challenged by a lack of IT resources.

Printers, copiers, faxes, and multifunction devices, ubiquitous in virtually every business, are highly sophisticated computing devices that may have access to the enterprise network. They can be equipped with storage memory that contains confidential information. Often unattended, they can be quickly accessed by somebody looking like an ordinary shopper, who may misappropriate documents left unclaimed in the output tray; insert sophisticated code that provides the means to find unintended gateways to sensitive parts of the organization; or capture consumer data and exfiltrate it via the internet.

With access, anything is possible

Once a criminal has access to the enterprise network, anything is possible. The infamous Target breach of 2013, for example, reportedly resulted from exploiting an HVAC vendor’s credentials to access the retailer’s supplier portal in order to seize POS system data. These POS systems are constantly under assault, with criminals looking for security gaps, as recent breaches at Sonic and Whole Foods demonstrate.

But there are solutions, ranging from the simple—such as printer access policies—to the sophisticated—such as printer malware protection and managed print services. The key is to take printer security as seriously as any other retail security component. As The Fixer points out, every dog has its master. Every retailer needs to master this area.

Learn more at HP Print Security.




Copyright © 2017 IDG Communications, Inc.