Industry talking to customers What's this? Why just one printer could cost you $9.5 million Published: March 1st, 2018 By: Glenn Weir To drive growth in today’s competitive economic climate, businesses need to embrace new technologies, digitized processes, and remote working models. While these business changes bring about huge benefits, they also bring security complexities and can leave businesses exposed to cyber attack. The 2016 study by the Ponemon Institute shows average annual losses to companies worldwide now exceeds $9.5 million.IoT opens up opportunities and vulnerabilities The International Data Corporation (IDC) predicts that the number of connected devices in the Internet of Things (IoT) will reach 30 billion in 2020.1 Intelligent initiatives, like Smart Cities from GE (fitting sensors into LED lamps across cities), will improve lives but also create more opportunities for cyber attackers to pounce.The IoT has already led to a rise in DDoS attacks, with breaches happening through a number of unexpected devices, such as surveillance cameras, digital video recorders, and other connected devices. In 2016, hackers forced a well-known security journalist to take down his site in a cyber attack that was powered by 1.5 million hijacked CCTV cameras.Just one unsecured device—and your entire business is vulnerable According to recent research by Spiceworks, 88 percent of businesses have an IT security policy.2 Businesses are also increasing their focus on security at a top level: Fifty-four percent have a CISO in charge, and 45 percent have the Board involved. According to recent figures from PwC, 54 percent of businesses use data analytics to assess, monitor, and track security—as well as standard perimeter policies.3However, Spiceworks also found only 16 percent of businesses see printers as a risk. The reality is your network is vulnerable unless every connected device is included as part of your overall security policy.Multilayer security down to every endpoint is essential Out of the 88 percent of businesses that have an IT security policy, 3 out of 5 cite compliance, risk avoidance, and establishing security practices as the main drivers for their policy—as they should. New compliance regulations, such as the EU General Data Protection Regulation (GDPR) and the EU directive on the security of network and information systems (NIS Directive), are putting businesses under increasing pressure to have sufficient security policies in place to protect customer and company data.The need for a robust, multilayer defense policy inclusive of endpoint devices has never been greater. It is the only way businesses can hope to avoid the negative impact of a breach on the brand and business—and hefty regulatory fines. If your printers are under-secured, your entire business is at risk.Harden your printer security In a recent paper, The Printer Is an Endpoint, IDC urges organizations to pay the same attention to printers as they do to PCs and recommends the following steps are taken urgently by IT teams.Inventory: The organization should compile a complete inventory of all printers, brands, models, features, and configurations. With printers, this can often prove difficult, as employees may install their own printers in unidentified places. The best approach is to use a network access controller (NAC) or asset management tool that has device discovery as a core function to identify all printers on the network.Harden: Shut off unneeded services that the printer offers, such as File Transfer Protocol (FTP). The danger is some printers will allow hackers to make FTP requests and take jobs off a print spool anonymously. But the most important action is administrative password management. Ensure default passwords are reset to combat easy attacks.Maintain and patch: Maintain and patch printer endpoints to create harder targets, pushing cyber miscreants to use their tools on organizations that have not maintained their systems. Some printers will come with tools that allow you to monitor, manage, and patch printers, which can prove extremely useful.Secure the connection: Shore up the management protocols used for the printer, for example, by choosing a management protocol that provides encryption. Also, make sure your printer does not have wide-open access to the rest of your internal network.For more information on securing your printers, visit http://www.hp.ca or download IDC’s The Printer Is an Endpoint paper.SourcesMacGillivray, Carrie, “Worldwide Internet of Things Forecast Update, 2015-2019,” International Data Corporation (IDC), February 2016.“HPI Printer Security Research,” Spiceworks, Nov 2016.“The Global State of Information Security Study,” PwC, 2016.