I was gambling in Havana, I took a little risk, Send lawyers, guns, and money, Dad, get me out of this - Warren Zevon ("Lawyers, Guns and Money", 1978)

There are hundreds of millions of business printers in the world.  Less than 2% of them are secure.  If you're not taking your printer security seriously, someone else might be!

Printing confidential information to an unsecured network printer is a risky endeavor.  However, the risks do not stop with the printed page.  Unmanaged printing and imaging devices leave your entire network open to data breaches, and while cybercriminals can use these printers to establish an initial foothold, the printer is not the target. The target is your business data.  Unsecured printers can be easily hacked and turned into a portal for stealing sensitive data, and a compromised printer can then be used to launch ongoing sophisticated attacks on a company’s network.  This exposure created by an unsecured network printer can be financially catastrophic.

The endpoint security risks presented by unsecured network devices leave businesses open to malware and viruses, as well as unauthorized access to confidential resources, and a host of other data and control risks.  While IT departments regularly spend significant time and money applying security measures to network infrastructure via firewalls and anti-virus solutions, printing and imaging devices are often left completely exposed.  Hackers have realized that unsecured printers are an easy way to circumvent firewall and anti-virus security, and the number of these attacks on unprotected endpoints are increasing at an exponential rate.

• 90% of enterprises say they have suffered at least one data loss though unsecured printing.¹

• 59% of organizations reported a print-related data loss incident in the past year (70% for retail)²

• In 2018, there was a 17% increase in the number of companies compromised by attacks originating from a network endpoint³

Furthermore, the economic losses generated by these attacks can be significant and even devastating.  Quite recently, enterprise organizations Capital One and Equifax experienced catastrophic data breaches costing them approximately $150 million and $650 million, respectively. Significant financial consequences can be exhibited in the immediate loss of IT and end-user productivity, damage to IT infrastructure, and losses incurred by the theft of information assets. However, there are hidden costs manifested by these attacks as well.  Compliance penalties and fines, as well as identity theft restitution, and tarnished reputation and brand image all contribute to the very real losses that occur when an organization's security is successfully breached.

          

Ultimately, today’s print devices are as technologically advanced, and therefore as vulnerable, as any other device on the network…including PCs. Of course, cybercriminals have become fully aware of these vulnerabilities, and industry experts are validating our concerns via news articles and whitepapers:

• “Modern printers are essentially advanced, specialized network hosts, and as such, they should be given the same level of security attention as traditional computers,” says Kevin Pickhardt in Entrepreneur. ⁴ “Office printers are not only potential sources of data loss and confidentiality issues, but attack vectors that hackers can exploit.”

• According to IDC, “Most printers have broad access to an internal network. An attacker who compromises a printer can have unfettered access to an organization’s network, applications, and data assets.”⁵

Fortunately, HP is innovating printer security standards by offering comprehensive Security Solutions which focus on addressing endpoint vulnerabilities.  These solutions help organizations establish and institute security policies based on National Institute of Standards and Technologies best practices.  They deploy automated assessments, followed by automated remediation of devices not compliant with established policies. Finally, risk-based reporting tools provide proof of compliance for regulatory audits in the form of audit trails and compliance documentation.  

As an HP Print Security specialist, I’m helping my clients identify and mitigate risk as it relates to their printer fleet.  I would welcome the opportunity to discuss printer vulnerabilities specific to your organization, and how we might reduce the exposure they create to your business data.

Please drop me a line and we'll schedule a time to discuss this with your IT security team. 

Brian

Brian Merson | Major Account Executive/HP Print Security Specialist | Centric Business Systems | 1800 Dual Highway, Suite 305 | Hagerstown, MD 21740 | Direct: 240-675-9725 | bmerson@centricbiz.com

1 HP: Protecting printers with enterprise-grade security”  Moor Insights and Strategies, 2014

2 Quocirca Global Print Security Study, Louella Fernandes, February 2019

3 Barkly, “The 2018 State of Endpoint Security Risk”, Ponemon Institute LLC, October 2018

4 Pickhardt, Kevin, “Why Your Innocent Office Printer May Be a Target For Hackers,” Entrepreneur, January 31, 2018. 

5 Brown, Duncan, et al., “IDC Government Procurement Device Security Index 2018,” IDC, May 2018.