Keeping an eye on the overlooked security threat hiding in your office
What’s the biggest security liability in your office? The one you aren’t thinking about.
Researchers recently proved what many in the print industry already knew: Multifunction printers (all-in-one printer/copier machines) can be hacked to deliver malicious code or to access an internal network. These vulnerabilities are not limited to any one manufacturer or specific type of output device. All printers, copiers, and fax machines with an internet connection are at risk. Once hackers exploit these weaknesses and reach into your network, they can do anything from stealing documents to launching ransomware.
In one recent example, a fan of a popular YouTube star took control of 50,000 printers to print memos encouraging people to watch and subscribe. The attack was essentially harmless, but afterward, the fan admitted he’d identified upward of 800,000 printers he could’ve targeted. Imagine if his intentions were malicious.
People tend to overlook printers as a cybersecurity weakness because they’re seen as old and simple technology — but that’s exactly why they present a risk. Printers, both old and new, come with design-driven security risks, making them low-hanging fruit for hackers looking to attack networks with stronger defences in other areas.
Printers are just one example of the many connected devices that are proliferating in homes and offices. By 2020, Gartner projects more than 20 billion of these devices will be in operation. And unless security issues are explicitly addressed, each of those devices is a potential point of attack.
Making secure print a priority
Companies are recognising they cannot accomplish this alone; they need the help of specialists. Organisations are therefore turning to the “infrastructure as a service” model to manage print broadly, sharing the burden of IT and security management. Lowering expenses and minimising IT tasks dedicated to print are primary reasons to leverage IaaS for printing operations, but security improves across the board, too.
When print is managed via the cloud, you don’t need print servers to enable employee printing. This means less for IT to manage and fewer points of vulnerability in your environment.
But here is perhaps the most important advantage to moving print operations to the cloud: Major cloud service providers like Amazon Web Services, IBM, Google, and Microsoft throw unmatched resources at ensuring the security of their cloud services. They have routine security audits and certifications, and they take on a significant liability. Updates and patches are applied automatically — without the need for IT’s input. In short, the strongest and most reliable security features available are protecting your printing data.
IT directors who believe they can keep their printing data more secure than these services are either doing something exceptionally right or they are mistaken.
One survey of IT professionals suggested up to 16 percent of the attacks they faced were launched through printers. More broadly, an estimated 71 percent of all data breaches target end points like printers, faxes, VoIP phones, and other connected devices that tend to fly under the radar. The office is filled with gaps and cracks in its cybersecurity strategy. Moving as much as possible to the cloud shores up everything at once. Increasingly, this is where the enterprise is headed.
IaaS and the future of printer security
As the IaaS model continues to expand, it will become the standard business tool for security and more. By 2022, up to 90 percent of organisations will rely on IaaS services through a public cloud. And companies are prioritising clouds that offer a wide range of services (rather than just basic infrastructure).
Spending on public cloud services is expected to grow to $39.5 billion by the end of 2019, up 28 percent from 2018. Understanding how much money is migrating to the cloud is important: It underscores why the cloud is the preferred option for printer security moving forward.
As I mentioned earlier, the top cloud service providers in the world are also the wealthiest. In the interest of maintaining their reputation and market share, they invest immense resources to ensure their services are as secure as possible. These companies are in the best position to win the ongoing cybersecurity war, especially in terms of spending and scale.
IaaS also provides a unique antidote to the apathy that can creep into printer security. Consider this: In one survey, 95 percent of respondents said printer security was a priority, yet only 25 percent felt confident they were adequately protected. If there is still that much uncertainty around printer security — even among organisations that treat it seriously — a new approach is obviously overdue.
Cloud-based security requires a different focus than traditional corporate IT security: Instead of securing the perimeter, it secures the individual assets. Data breaches have become prevalent, even at organisations with strong perimeter security in place. Experience suggests such a broad approach overlooks too many vulnerabilities, and several are outside the control of IT (like human interaction and social engineering).
Concentrating on the assets instead of the entry points allows companies to deflect the damage — even when they can’t avoid the attack. Think of it this way: Banks have locks on their front doors, but they still keep money in their vaults. And we have learned to trust them more than we trust the underside of our mattresses.
Printer-related vulnerabilities grew by 21 percent in 2018. Advances made by printer manufacturers represent only a small piece of the puzzle. By taking print operations to the cloud, companies can off-load a significant IT resource burden and focus more on what they do best — all while doing more to protect their printers and document output workflows.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » Canadian government to invest in BlackBerry’s QNX platform for a driverless car future
- » The cybersecurity angle: Why recent research and investment in quantum and IoT is key
- » Why the missing link for enterprise digital transformation is Zero Trust Security
- » Why SIEM alone is not able to stop insider threats
- » Why 74% of data breaches start with privileged credential abuse