The Trojan Horse to your security strategy

The Australian Cyber Security Council found that 90% of Australian organisations faced some form of successful or attempted cyber-attack during the 2015/16 financial year. With most organisations experiencing multiple malicious threats on a daily basis¹. And the dangers are only rising, Gartner predicts that by 2020 there will more than 20 billion ‘connected things’², making it easier and easier for cyber criminals to inflict damage in an interconnected world.

With a growing number of gadgets that can be connected to your network, you may be surprised by how many deceivingly simple devices are able to provide cyber criminals an entry point and launch site for an attack on your business.

Organisations are rightly devoting more resources than ever to protecting their data. But while data centres, personal computers and internal networks receive the attention, most IT security strategies fail to address one common endpoint that we all take for granted. This Trojan Horse has increasingly become a major target for network breaches – and no one seems to be paying attention.

The best target for attack is the one no one’s thought to protect.

Innocently residing on the office floor, seemingly out of harm’s way, this device has become such a permanent fixture it has likely faded into the wallpaper of your office, however this overlooked endpoint is leaving you exposed and an alluring target for cyber attack. It’s your printer.

Printers at first may seem like a benign issue and you might think “so what” (and if you do, I assure you you’re not alone). However 11% of all security incidents are print related, equating to an average of nine print-related incidents per year³.

On the face of it, it’s difficult to imagine a scenario where a printer can be manipulated to infiltrate an entire company’s network and sensitive information. But as printers have evolved, you may have taken for granted that they:

• can connect wirelessly to the network
• can access the internet
• have their own operating systems
• contain hard drives
• and have apps and other executables installed on them.

It has recently been estimated that 71% of breaches⁴ start from an endpoint device, such as a printer. With 59% of businesses reporting at least one print related data breach last year⁵, your organisation cannot afford to be complacent.

At Data^#3, conversations with our customers echo these statistics and a lack of awareness for print security across Australia. Most companies have not extended Cybersecurity Frameworks to include print devices and have no idea whether they have already had a printer-related cybersecurity breach. Every business needs to ask itself if I’ve had a print related cybersecurity incident would I even know? And is that by policy or chance?

A big incentive to consider your awareness of print security breaches is the pending introduction of The Privacy Amendment (Notifiable Data Breaches) Act 2017 which will be implemented by February 2018. This brings with it potential fines of up to $360,000 for individuals, $1.8 million for organisations as well as the risk of civil penalties if they fail to report a breach.

Hacking is simpler than you think.

The obvious attack method may be plugging a USB key with malware into one of the printer ports, the reality is it’s even easier than that and the perpetrator doesn’t even need to be in the vicinity of the device. With just a phone, it is possible to hack the OS of an unprotected printer from anywhere in the world. All it takes is one employee to download and print an attachment or click a link.

Is anyone doing anything about this?

Many managed print companies offer the facade of providing a secure solution with a swipe card/ follow me print style solution. The reality is this is simply not enough to protect a business in this era of cyber espionage.

Leading the charge to elevate awareness of print security risks and highlight how corporate networks can be compromised through insecure printers is HP. In conjunction with HP, we’ve identified six printer security hotspots that all businesses should be reviewing. Download the ebook below to ensure your business is protected.

So, what to do?

Print security demands a comprehensive, approach that includes technology, policy, and people.

Ensure print is included in your Cybersecurity Strategy and build a framework that will allow you to monitor, manage and report on the entire fleet, regardless of the brand, model or age.

Seek expert guidance, take advantage of security assessment services which evaluate potential vulnerabilities in the print infrastructure and processes surrounding it.

If you’d like to know more about Secure Managed Print Solutions, contact us and ensure that your most valuable asset – corporate and customer data – is protected.

1 Australian Cyber Security Council (2017, April). 2016 Australian Cyber Security Centre Survey. [Online] Available at: https://www.acsc.gov.au/publications/ACSC_Cyber_Security_Survey_2016.pdf
2 Gartner Inc. (2017, February 17). Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016. [Online] Available at: http://www.gartner.com/newsroom/id/3598917
3 Quocirca. (2019). Global Print Security Landscape. [Online] Available at: https://quocirca.com/content/quocirca-global-print-security-landscape-2019/
4 Mann, J (2017, July). Security For Everyone. [Online] Available at: http://www8.hp.com/us/en/hp-labs/innovation-journal-issue7.html
5 Quocirca. (2019). Global Print Security Landscape. [Online] Available at: https://quocirca.com/content/quocirca-global-print-security-landscape-2019/