This blog was updated on 4th December 2017
At the turn of the year, our CTO wrote about the three key areas we think will be most relevant to our customers – cloud, mobility, and security. This article aims to address the security piece in particular – but an area of security you probably haven't even thought about!
Businesses and organisations often take a commoditised view of their print estate. But just like the rest of the IT world, print services have had to adapt to the changes that cloud computing and mobile working bring, and this has resulted in a growing need for organisations to seriously consider how they secure their print estate. While most organisations have clearly defined security policies for their PCs, networks, and storage, print is commonly overlooked.
Printers today are like PCs; they have an operating system, applications, and various functions connected to the internet. This means that they are a prime target for hackers to enter your network if not properly secured.
There have been incidents where a printer has been hacked to play video games, a drone has posed as an open printer and accessed user documents, and malware has taken over a printer's operating system and gained access to the wider network. While we take care to lock down our networks and mobile devices, it's all too easy to leave printers wide open for those with malicious aims!
HP's 'The Wolf' video shows how printers are particularly vulnerable to attack and one of the easiest ways into a network for hackers. This video shows how hackers target unsecured printers and use them to extract company data with ease.
Security in print is not often talked about when IT departments are looking at their security strategy. I recently attended a security event presented by leading EMEA Security Specialist, Howard Roberts. To set the scene, Howard presented some quotes and facts from Peter Kim, industry-leading penetration tester and author of 'The Hacker Playbook'.
Hacking unsecured printers is easy[…]I probe around for a multifunction printer and see that it is configured with default passwords. Great, I am in.
We've compromised a number of companies using printers as our initial foothold. We move laterally from the printer, find Active Directory, query it with an account from the printer and bingo, we hit GOLD…
- Peter Kim, The Hacker Playbook
During Howard's presentation to a roomful of the industry's most knowledgeable and market-leading print experts, he asked a few probing questions about security in print – you could hear a pin drop; not one person in the room could answer his questions. He stated confidently that he considers less than 2% of the world's printers to be properly secured.
Personally, I believe the reason organisations are not thinking about security in print is partially down to an old-fashioned view of print as a simple commodity, and a lack of understanding of the true extent of the threats or potential ramifications if not correctly protected.
As of May 2018, the new General Data Protection Regulation comes into effect. Companies that are found in breach of personal data can face a penalty for non-compliance of up to 4% of the company's global turnover. Unsecured print estates are an easy target for hackers – and one that organisations cannot afford to ignore with such severe penalties at stake.
Our approach is to break it down into three areas of focus:
By establishing and utilising print security software, you are able to set a fleet-wide print security policy that ensures any device added to the network must comply with the agreed security settings; if it does not, the device is blocked. The software also offers ongoing run-time intrusion detection that ensures any breaches into the device can be immediately actioned. If required, the software automatically protects the device's BIOS and installs safe firmware.
This video demonstrates how HP have built 'runtime intrusion protection' into their Enterprise devices to automatically identify and remediate security threats in real time, with no management overhead. This is effectively like having Sophos/McAfee built into these devices to secure them, or the equivalent of Palo Alto/Cisco intrusion protection features in networking terms.
Protect data in transit to and from the device with data encryption and authentication solutions. You can also extend this protection to mobile devices with certain solutions.
Aka 'Follow-me' print. Reduce unclaimed print jobs, protect confidential documents and improve efficiency with a print management solution. If further security is required around certain sensitive document printing, there are even counterfeit deterrent solutions available.
For a confidential discussion on any of the risks raised in this article, please get in touch with the Softcat print services team via your account manager or using the form below.