As the office printer has increased in importance and become integrated into the document management workflows at many Canadian enterprises, it has also become a reliable gateway for hackers looking for a new way to access corporate networks.
Printers today share many of the same technology components as PCs. They are powerful, Internet-connected devices with memory, hard drives, operating systems and software applications. They are just as vulnerable to attack as any computing device, yet, they are often overlooked from a security perspective.
While organizations are more than willing to set aside huge sums of cash to secure their IT systems, those budgets don’t always extend to locking down Internet-connected printers. In fact, a recent survey of more than 150 IT professionals in Canada we conducted with Spiceworks, concluded that printers are among the top five devices most commonly connected to networks, with only 47 per cent of them secured by IT. This lines up with data from an IDC survey which found that while 80 per cent of companies viewed overall IT security as important, only 59 per cent said the same about printer security.
The disconnect between IT and printer security must end and the stakes are incredibly high.
According to the Ponemon Institute the average total cost of data breaches involving Canadian companies surveyed was about $6 million, or $278 per lost or stolen record. Lost business from data breaches, meantime, cost these companies about $2.25 million. Across Canada, cybercrime is estimated to drain $3.12 billion from the country’s Gross Domestic Product (GPC) each year.
Study after study confirms printers are involved in more than half of all data breaches. Our own research suggests that 90 per cent of all breaches may involve printers. Indeed, they have become a real Achilles heel for many IT security staffs.
Earlier this year, Internet-connected printers at Simon Fraser University in Vancouver were hacked to automatically print pages of hate literature. The hacker allegedly used a freely available tool to find and penetrate vulnerable printers in at least 13 North American universities – just to prove he could.
Why is this happening?
One reason is IT guidelines for securing printers aren’t always followed across larger organizations. Printers tend to be spread out everywhere and are often maintained by several IT departments. Some departments are better than others at applying security patches.
In the case of Simon Fraser University, one department had not adhered to university security standards, and a printer was hacked.
Another reason is too many organizations and individual employees still regard printers as disconnected machines, like toasters or other countertop appliances. Many of us – both the technologically savvy and not – often forget that when we’re wirelessly printing a document, it must go through the digital ether to arrive at its destination. And if our communication isn’t encrypted, anyone can snatch it out of the air.
A relatively easy solution would be to encrypt everything and require password authentication to retrieve it. Sadly, few organizations do either of these things, which opens the door for hackers to launch “man-in-the-middle” attacks.” With man-in-the-middle attacks, hackers get in the middle of a transmitted communication and secretly divert documents to their own machines. In this way, they can gain access to a whole array of private documents a CEO, CFO or other employee might be printing.
No doubt, such attacks can be extremely damaging. The good news is that the print industry has been working feverishly to add security countermeasures to its products for several years now.
HP, for example, embeds sophisticated BIOS protection and data encryption features into its printers. It also offers add-on security software, such as a cloud-based Pull Print solution, which requires users to authenticate at the device in order to release a print job.
In addition to hardware and software enhancements, some vendors provide managed print services that enable employees to print from anywhere, anytime using their mobile devices. Many organizations have as many as 30 to 40 per cent of employees working in telecommuter environments. The trouble is that printing remotely from mobile devices can be risky.
As such, some services include important security benefits that prevent documents from being printed remotely until a proper code or password is entered. Another available safety protocol supports responsible disposal of assets, such as purging the hard drive of information after it is printed.
Secure managed print services can do even more. They provide software security solutions to detect and fix vulnerabilities, as well as employ security experts to conduct risk assessments, guide development of IT security strategies addressing printers and advise organizations about complicated compliance requirements.
The upshot of all of this is that while many printers in Canadian organizations remain vulnerable to attack, there are plenty of steps that can be taken and numerous features that can be deployed to safeguard them. Printers do not have to be an Achilles’ heel for any enterprise organization.
Christoph Schell is the President of the Americas for HP Inc.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…