HP: Putting Print Security on the CISO Agenda

The following appears on louellafernandes.com, check it out.

Amidst a rapidly evolving threat landscape, where malware and exploits continue to proliferate, endpoint security often fails to adequately protect networked printer and multifunction printer (MFP) devices. With its new enhanced LaserJet enterprise printer range, announced on 22 September 2015, HP is demonstrating its serious commitment to closing the print security gap. 

In today’s increasingly mobile and interconnected digital enterprise, cyberattacks are increasingly sophisticated, designed to inflict maximum damage to an organisation’s systems and networks. The loss of sensitive information – be it personal or financial – can have huge repercussions – both financial and legal – not to mention the impact on brand reputation. According to the Ponemon Institute, the average consolidated total cost of a data breach is $3.79 million. Meanwhile, Quocirca’s recent enterprise managed print services (MPS) study revealed that over 70% of organisations have suffered at least one data breach as the result of unsecured printing. Yet printing is an overlooked area in the Chief Information Security Officer (CISO) agenda. While focus is given to protecting traditional IT endpoints such as laptops, PCs and mobile devices, ignoring printers as a vital endpoint in an overall information security plan can leave an organisation exposed and vulnerable.

The print security gap
So what is the importance of securing these supposedly “peripheral devices”? Today’s MFPs are advanced and intelligent document processing hubs which print, copy, scan and email. Information resides on hard disk, in memory and with most MFPs now running advanced web servers, these devices are exposed to the same risk as any PC device. At a basic level, there is the opportunity for uncollected sensitive or confidential information to be picked up from output trays – accidentally or maliciously – by the wrong recipient. Fortunately there are a range of simple tools that enable user authentication (either via a smartcard or user PIN) to ensure print jobs are only released to authorised users. But at a deeper level, networked printers and MFPs need to be protected at the firmware and network level. Without adequate protection, the web server on an MFP can be exploited and compromised, providing open access to an enterprise’s network. Indeed, it is not specifically the data on an MFP that may be targeted, it is an entry point to the wider network.

Click here to read the rest of the article on louellafernandes.com