Stop ignoring printer security: It's time for CSOs to take control

Despite shipping with mature security features, most printer deployments are insecure because of misplaced financial and organizational incentives.

Printers are an overlooked soft target in the enterprise that can make an attacker's job much easier, despite extensive built-in security features that rarely get turned on, according to recent research by two unaffiliated security research teams at Symphion and NCC Group.

Most enterprises outsource their printers to managed print services (MPS) providers, and the intense competition on price among MPS providers has encouraged many of them to optimize for cost and efficiency, but not for security. That leaves gaping holes in many organizations' defenses.

"[Printers] sit and are configured on sensitive parts of corporate networks," NCC Group researchers Daniel Romero and Mario Rivas told 44CON in London in September. "[Printers are] great for pivoting and launching network attacks. They process all manner of information, [and] are often assumed to be low-risk targets and fairly dumb in capability. [Printers are] common office devices present in all organizations, [with a] very immature state of security, and largely ignored in most organizations."

Printers straddle the line between shadow IT and "who's responsible for those devices, exactly?", and security leaders often have poor visibility into printer deployments because such procurement is usually done outside of the IT purchasing cycle without the security team in the loop.

