Printer Vulnerabilities Report Reveals Cybersecurity Risk
Quocirca, a market insight consulting firm has posted their Global Print Security Landscape 2019 report, which publicly revealed that 60% of corporate entities globally are exposed to data breach due to misconfigured printers. The reality that printers are not a set it, then forget it machines, but rather a machine with its own operating system in the form of firmware in the device, which also requires regular updates similar to desktop operating systems. The report also revealed that since the new printers for all intents and purposes are also IoT devices (Internet-of-Things), as they provide services accessible from the Internet, features that weren’t existing a decade ago.
“For many organisations, their cyber-attack surface area is increasing as connected Internet of Things (IoT) endpoints proliferate. These include both legacy and the new breed of smart printers and multifunction printers (MFPs). Consequently, businesses must take a proactive approach to print security as these print devices can provide an open door to corporate networks. By taking steps to analyse the potential vulnerabilities of print environments, businesses can mitigate risks without compromising productivity,” explained Louella Fernandes, Quocirca’s Director.
Quocirca in their study realized that in this period of GDPR (General Data Protection Regulation) in the European Union and similar legislation in other regions, companies are not aware enough how insecure their networks became due to their vulnerable network printers. Based on their data, 60% of the companies experienced data loss in 2018, with 27% of printers which can fall under the category of secure. For decades, printers within the organization work as LAN printers only, with IoT-like features only added by printer manufacturers relatively recently, within the last 10 years.
“In response, print manufacturers are elevating awareness of print security risks. Today most offer a diverse range of product offerings encompassing built in hardware security, print security solutions and comprehensive security and risk assessments. Nevertheless, most competitors are hot on their heels in developing their print security propositions. Leading players are moving to a secure-by-design approach, where security is built in from the ground up on new hardware,” added Fernandes.
Unlike other functions of an office, people will continue to need printers for considerable years to come. Though mobile phones and tablets lessen the actual need to print on paper, most of the changes that lessened printing were mostly photo prints, not document printing. In fact, based on the statistics released by Quocirca revealed that 87% of all organizations will continue printing on paper for the next two years.
Unlike soft copies of documents which can easily be encrypted to prevent unauthorized people from knowing its contents, paper documents are much more vulnerable to eavesdropping and data extraction since they are printed in plain text. Any organization that keeps corporate secrets on paper is highly recommended creating an encrypted softcopy and destroy the paper copies in order to minimize the vulnerability to corporate espionage.
The report is based on empirical study which was participated by leading printer vendors such as Xerox, HP, Ricoh, Canon, Brother and Lexmark. All of them assured the public that they will release regular firmware upgrade that will address security and privacy concerns, both for their corporate customers and home-based clients.
Julia Sowells698 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.