Print has taken a back seat to digital communications in the past decade but many environments still rely on printing to support key processes. Multifunction printers (MFPs) are prevalent in both the private and public sectors even today. They are well established in the IoT ecosystem as critical network endpoints, but this also makes them a security hazard.
Even behind a firewall, MFPs can act like a front door to the network, creating the potential for compromising corporate or customer data, according to a research paper by Quocirca, a company specializing in the impact of information technology and communications (ITC).
The firm surveyed 250 enterprises in the UK, France, Germany and the US in December 2018, alongside major printer vendors like Brother, Canon and HP. Some 66% of respondents considered print infrastructure a top risk, trailing only public cloud services, cited by 69%.
The paper outlines some of the scenarios where MFPs – which offer advanced network-centric features – can pose a grave cybersecurity danger to users. For example, the device may be used as a network ingress point if poorly secured (i.e. outdated firmware, compromised credentials, etc.), or if the printer is shared between multiple users or departments. As IoT devices, MFPs can be (and have been) recruited to botnets, which are then used to perpetrate distributed-denial-of-service (DDOS) and other attacks. Other risks are outlined in the diagram below.
Various scenarios can be envisioned through these points of compromise:
Researchers therefore caution that print security needs to become a strategic board-level issue, moving beyond the domain of the IT manager to the C-suite. From the paper:
“The continued high level of print-related data breaches demonstrates that businesses need to do more to protect their devices, network and data. An organisation’s information security strategy can only be as strong as its weakest link. The expanding IoT security threat landscape means that the challenge of print security is moving beyond protecting the printed page. As IoT devices, smart MFPs are susceptible to the growing threat of DDoS attacks as well as providing an open gateway to the corporate network.”
Quocirca advise administrators to treat print security as a fundamental element of their broader security strategy. The team says print security should start with procurement. In that respect, admins should evaluate devices designed with security in mind – i.e. intrusion detection, white-listing and syslog data collection with links to established SIEM tools.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024