Secure your network weak links to improve compliance

November 7, 20175 Minute Read

Printing fleet vulnerabilities could be exposing your business to security and compliance risks. It has never been more crucial for companies to have multiple layers of protection covering every endpoint in their infrastructure, including the devices that aren’t getting security attention today.

In a 2016 Global State of Information Security Survey, PwC reported that organizations have experienced a 38 percent increase in detected IT security incidents.1 Attacks are more frequent, more aggressive, more sophisticated, and more unpredictable.

And while new compliance requirements recognize that breaches are inevitable, organizations must prove they haven’t been negligent while handling customer data. The penalties can include significant fines (and you’ve got other plans for your IT budget).

Know your infrastructure’s weakest link

Organizations surveyed by Ponemon experienced, on average, two attacks per week in 2016, an increase of 23 percent year-on-year.5 Many IT departments rigorously apply security measures to PCs and the network, but printing and imaging devices are often overlooked. But printers can provide an entry to your network, and securing them is just as important. Of all significant data breaches reported by IT managers in 2015, 35 percent involved their printers.6

It’s essential for security teams to investigate every corner of their business IT infrastructure and build an extra layer of protection on top of standard network perimeters. Firewalls alone can’t withstand sophisticated attacks. A security policy extending layers of protection to network endpoints is a must-have for businesses to meet regulatory requirements and avoid costly fines.

Printers are often ignored as businesses focus on data centres, the cloud, and mobile devices while they move toward digitization. The bad news is that if a printer is connected to the internet, it’s as vulnerable to an attack as a PC. Take the extensive breach across multiple US colleges in March 2016, where a hacker discovered 29,000 unprotected printers and accessed dozens of them to spew out hate fliers. The breach showed that unsecured endpoints like printers can be remotely accessed and hacked.

A recent study by Spiceworks found that 82 percent of organizations experienced an IT security breach in 2016, but very few take printer security as seriously as they should. Only 16 percent of organizations think of printers as a high risk. Although nearly 57 percent have security practices for printers in place, this trails other endpoints with 97 percent having security practices in place for desktops and laptops.2

According to Evan Hardie, IDC, “Security breaches are not confined to computers or mobile devices but can also originate from other endpoint devices, such as network printers. Hackers have been known to gain entry to an organization’s network via open ports on the network printers. This method allowed Russian hackers to penetrate a Denmark-based company that performs sales, service, and technical solutions for the metal, furniture, and automotive industries. The hackers gained entry to the company’s network via one of its label printers. They then demanded a ransom to unlock the company’s IT systems, customer information, and other vital data.”3

IDC also found that, on average, organizations can reduce the frequency of printer security breaches by up to six times if they deploy enterprise printing security solutions.4

Protect data and stay compliant

With governments frequently updating their compliance requirements, it can be challenging for businesses to keep up with regulations. In response, the Center for Internet Security has developed a checklist of controls that outline the most important requirements. These handy Critical Security Controls can help businesses strengthen security policies and organize action plans to meet common compliance regulations.

The following Critical Security Controls could help your IT team protect your print devices, data, and documents as part of your larger security plan:

  • CSC 1: Inventory of Authorized and Unauthorized Devices. First, know every endpoint in your infrastructure. Your IT team should run an audit of all the hardware devices on your network—from your PCs to your printers—and create an inventory of authorized and unauthorized endpoints.

  • CSC 2: Inventory of Authorized and Unauthorized Software. Your IT team should ensure that only authorized software is installed and running on your network and check that all software solutions and firmware loaded onto printing and imaging devices are up to date, signed, and validated to be authentic.

  • CSC 5: Controlled Use of Administrative Privileges. Your IT team should restrict the administrative privileges on your endpoints to ensure only IT or authorized personnel can change settings. Extra protection is achieved with security management software to deploy administrator passwords across the fleet and lock down unnecessary access.

  • CSC 9: Limitation and Control of Network Ports, Protocols, and Services. Your IT team should ensure that ports and unused protocols (such as FTP or Telnet) that hackers can use to access your printer are disabled. Save time by deploying a print security management tool to automatically keep device settings compliant across the fleet. They should also limit access to device functionality by implementing role-based access controls.

The wide scale impact of a cybersecurity breach

High-level security policies that don’t consider added security protections on endpoint devices could mean a business is noncompliant with the latest regulations and at risk of costly fines, lost business, damaged reputations, and class-action lawsuits. The Ponemon research revealed that the average company also lost CAD$11.8 million annually in the fight against cybercrime.7

Including printers in your endpoint security plans can help your business be better protected and compliant. Learn more about how to protect your devices from hacker attacks with Critical Security Controls in the following white paper, “Meet compliance requirements for network and data security” (PDF).

Sources:

  1. The 2016 Global State of Information Security Survey, in partnership with PwC, CIO magazine, CSO, October 2015
  2. Spiceworks: HPI Printer Security Research 2016
  3. IDC: A guide to Print Security for Canadian Organizations
  4. IDC: The Business Value of Printer Security, 2015
  5. Ponemon: 2016 Cost of Cyber Crime Study
  6. IDC: Print and IT Security Spending 2015
  7. Ponemon: 2016 Cost of Cyber Crime Study

Gary Hilson May 18, 2018 5 Minute Read

iTech Toronto: For strong endpoint security, think like a hacker

At iTech Toronto, it became clear hackers approach their work like it's a business, so it's time for businesses to approach endpoint security like hackers.

Gary Hilson May 14, 2018 5 Minute Read

iTech Toronto: Model your cybersecurity strategy on an immune system

At this year's iTech Conference in Toronto, it became clear that a strong cybersecurity strategy should be modelled on an immune system. Learn more here.

Jasmine W. Gordon May 9, 2018 5 Minute Read

5 types of hacker bait cybercriminals find irresistible

In the first half of 2017 alone, more data records were breached than in all of 2016. Avoid becoming a victim by eliminating hacker bait in your workplace.