This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
As a seemingly innocuous device sitting on the corner shelf, the office printer often does not feature on an IT manager's list of security concerns. Most IT decision makers fret over risks to PCs and institute safeguards from firewalls to intrusion detection systems to protect against hackers. But amidst all the checks and balances that are instituted, the humble office printer is more often than not overlooked.
Given how the printer has evolved in recent decades to become a networked, multi-functional, "all-in-one" device, it is a grave mistake to overlook the security risks that can be created by not securing this essential component of modern IT infrastructure. Most multi-functional printers today come with PC-style hard drives that store digital copies of every document that has been scanned, copied, emailed to and printed on them. From confidential employee records, to credit card numbers and patient's health records, the modern printer retains a copy of every document that passes through it.
Further, given their wireless (and wired) capabilities, at-risk printers are not only an easy entry point for malware and viruses, but their embedded operating systems and full IP stacks also mean that hackers can gain access to the printer's hard drive and control stored data from a remote location.
The Threat Landscape
Peter Kim, an industry-leading penetration tester, hacker and author of The Hacker Playbook 2: Practical Guide to Penetration Testing, mentions how easy it is to execute cyber fraud by noting that he has compromised a number of companies using just printers to gain an initial foothold.
According to Ponemon, 60 percent of companies surveyed had a data breach involving printers. In another study by IDC, more than 1 in 4 respondents indicated a significant IT security breach that required remediation; and more than 25 percent of these incidents involved print.
A real example that highlights how easy it is to execute cyber fraud can be seen in a recent case where 29,000 printers across university campuses in the US were hacked remotely, resulting in pages of offensive flyers mysteriously showing up in the output trays. This attack happened again in August this year, but this time 50,000 printers were targeted. Similarly, in November 2015, a laser printer was found to be sending out SSL traffic in a security event on the network.
Sign up for CIO Asia eNewsletters.