Printers are the Trojan Horse of IT Security
Posted by: David Carthy - Technical Solutions Manager, Pre Sales
When: 22 June 2017
To break the stalemate of the long and bloody Trojan War, Odysseus came up with a plan. Most of the Greek army would pretend to sail away, while a few soldiers hid inside a giant wooden horse that was taken inside the city gates as a trophy of war. That night, they crept out, opened the gates, and finally laid waste to the city of Troy.
In a recent security report conducted by financial services firm Piper Jaffray, 112 CIOs said they will be significantly investing in cyber security; 78% stated that endpoint security would be their main focus. It’s really interesting when we talk to security professionals that they never include or discuss Multi-Function Devices (MFDs) as a potential weakness or breach point to access their network.
I recently attended an event in Lisbon where HP highlighted the issue and predicted that MFD endpoint security would become a major focus in the next 3-5 years. The lack of MFD security is a big concern and it will be only be a matter of time before a high profile corporate breach occurs through non-secured devices.
A recent incident highlights the level of risks and vulnerabilities that organisations are inadvertently exposing themselves to. When “hate" flyers started appearing in print trays across college campuses in the States, it was obvious that there had been some sort of breach. A hacker subsequently told The Washington Times that he was behind the attack. Using a freely available tool to scour for vulnerable devices that could be remotely accessed, he claimed to have identified roughly 29,000 vulnerable printers in minutes. They were connected to the internet and exploited through an open port where he was able to automate a procedure that asked each machine to print a “hate” flyer.
Endpoint Security Goals
So how does an organisation set about securing itself against the threat of a vulnerable MFD?
A few simple rules apply:
- Protect the endpoint against attack
- Make the endpoint auto-healing
- Guard network bandwidth
- Make the network auto-healing
Start to look for hardware that has capabilities built-in. HP recently launched Security Manager to harden MFP endpoints across a printing estate. It has over 250 security settings through policies covering:
- Device Control
- Device Discovery
- Digital Services
- Network Security and Services
The real goal is to start to treat your MFDs the same way you treat your PCs and laptops when it comes to security. With a product like Security Manager, the IT department can quickly assess and remediate devices through defined policies that will be applied to new devices automatically when they are added to the estate.
Endpoint security for MFDs is going to evolve rapidly in the coming years, because it has to. My advice would be to push it up the agenda of things you really need to do and take a look at Security Manager - it’s a good place to start if you don’t want to fall foul of your very own Trojan Horse.