The Australian Cyber Security Council found that 90% of Australian organisations faced some form of successful or attempted cyber-attack during the 2015/16 financial year. With most organisations experiencing multiple malicious threats on a daily basis1. And the dangers are only rising, Gartner predicts that by 2020 there will more than 20 billion ‘connected things’2, making it easier and easier for cyber criminals to inflict damage in an interconnected world.
With a growing number of gadgets that can be connected to your network, you may be surprised by how many deceivingly simple devices are able to provide cyber criminals an entry point and launch site for an attack on your business.
Organisations are rightly devoting more resources than ever to protecting their data. But while data centres, personal computers and internal networks receive the attention, most IT security strategies fail to address one common endpoint that we all take for granted. This Trojan Horse has increasingly become a major target for network breaches – and no one seems to be paying attention.
Innocently residing on the office floor, seemingly out of harm’s way, this device has become such a permanent fixture it has likely faded into the wallpaper of your office, however this overlooked endpoint is leaving you exposed and an alluring target for cyber attack. It’s your printer.
Printers at first may seem like a benign issue and you might think “so what” (and if you do, I assure you you’re not alone). However 11% of all security incidents are print related, equating to an average of nine print-related incidents per year3.
On the face of it, it’s difficult to imagine a scenario where a printer can be manipulated to infiltrate an entire company’s network and sensitive information. But as printers have evolved, you may have taken for granted that they:
It has recently been estimated that 71% of breaches4 start from an endpoint device, such as a printer. With 59% of businesses reporting at least one print related data breach last year5, your organisation cannot afford to be complacent.
At Data#3, conversations with our customers echo these statistics and a lack of awareness for print security across Australia. Most companies have not extended Cybersecurity Frameworks to include print devices and have no idea whether they have already had a printer-related cybersecurity breach. Every business needs to ask itself if I’ve had a print related cybersecurity incident would I even know? And is that by policy or chance?
A big incentive to consider your awareness of print security breaches is the pending introduction of The Privacy Amendment (Notifiable Data Breaches) Act 2017 which will be implemented by February 2018. This brings with it potential fines of up to $360,000 for individuals, $1.8 million for organisations as well as the risk of civil penalties if they fail to report a breach.
The obvious attack method may be plugging a USB key with malware into one of the printer ports, the reality is it’s even easier than that and the perpetrator doesn’t even need to be in the vicinity of the device. With just a phone, it is possible to hack the OS of an unprotected printer from anywhere in the world. All it takes is one employee to download and print an attachment or click a link.
Many managed print companies offer the facade of providing a secure solution with a swipe card/ follow me print style solution. The reality is this is simply not enough to protect a business in this era of cyber espionage.
Leading the charge to elevate awareness of print security risks and highlight how corporate networks can be compromised through insecure printers is HP. In conjunction with HP, we’ve identified six printer security hotspots that all businesses should be reviewing. Download the ebook below to ensure your business is protected.
Print security demands a comprehensive, approach that includes technology, policy, and people.
Ensure print is included in your Cybersecurity Strategy and build a framework that will allow you to monitor, manage and report on the entire fleet, regardless of the brand, model or age.
Seek expert guidance, take advantage of security assessment services which evaluate potential vulnerabilities in the print infrastructure and processes surrounding it.
1 Australian Cyber Security Council (2017, April). 2016 Australian Cyber Security Centre Survey. [Online] Available at: https://www.acsc.gov.au/publications/ACSC_Cyber_Security_Survey_2016.pdf
2 Gartner Inc. (2017, February 17). Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016. [Online] Available at: http://www.gartner.com/newsroom/id/3598917
3 Quocirca. (2019). Global Print Security Landscape. [Online] Available at: https://quocirca.com/content/quocirca-global-print-security-landscape-2019/
4 Mann, J (2017, July). Security For Everyone. [Online] Available at: http://www8.hp.com/us/en/hp-labs/innovation-journal-issue7.html
5 Quocirca. (2019). Global Print Security Landscape. [Online] Available at: https://quocirca.com/content/quocirca-global-print-security-landscape-2019/