PRINTER SECURITY
Printers: the unseen threat hiding in plain sight Despite threats from cybercriminals increasing, many businesses are still overlooking the vulnerability of printers to be subjects of attack – and this needs to change, says Faki Saadi, regional director, UK at SOTI.
In recent years, businesses have seen a rapid influx in the number of internet-connected devices in their networks; devices that must be monitored, managed and secured to protect confidential business data and improve the resiliency of organisations against cyberthreats. But, while many companies actively secure laptops, mobile phones and even handheld scanners, some technologies are being overlooked. Six in 10 organisations have experienced a printer-related data loss over the past year, according to analysts QuoCirca. This is a worrying figure that highlights how printers may not be regarded by organisations as traditional targets for network hackers; something that was also discovered in recent SOTI research. SOTI’s study revealed that many companies lack visibility over the printers in their networks, with more than a third lacking the ability to access real-time location and status updates of printers or information about their settings. But what is the extent of the unseen printer threat and how businesses can better protect themselves? What’s at risk? Mobile, industrial and label printers all process and store much more data than ever before, including personally identifiable information, payment details, trade secrets and in the case of healthcare, patient records. This information is temporarily stored when there is a queue of print jobs or is captured by newer models, often equipped with internal hard drives, that save information when scanning or printing. This allows staff to store previous data for quicker retrieval, offers the ability to gain access when a device is offline and the assurance that if connectivity issues occur in the middle of a job, the printer can retain information and resume activity
Faki Saadi regional director. UK
soti.net
once reconnected. While this offers a level of convenience, all this data is appealing to hackers as it can be used to create sophisticated and personalised phishing scams, be sold on the dark web or facilitate identity fraud. A lack of visibility and appropriate printer security can mean that any saved information that is sent to be ‘printed’ can be accessed by unwelcome guests. But it can also have a detrimental knock-on impact, as hackers use ‘lateral movement’ to encroach on the wider corporate network if proper segmentation isn’t put in place. It’s therefore essential that organisations look to incorporate end-to-end encryption to protect this data and ensure only authorised recipients can use these devices. Some may also benefit from restricting printer access to necessary services and users to minimise the possibility of a cyberattack or leak. In tandem with this, organisations need to work to educate their employees on what they’re printing and the data at risk. This includes asking them to consider whether a document really does need to be printed to
A lack of visibility and “
appropriate printer security can mean that any saved information that is sent to be ‘printed’ can be accessed by unwelcome guests.
”
38
Powered by FlippingBook