In many organizations the printers are used too often and in some it is collecting dust, apparently, it’s the best target that can be used as an attacking surface. There are countless companies who don’t bother about updating the firmware of their printers, leaving their documents open to attackers. The inventories like printers and others are not even discussed in annual security audits and are assumed to be useless in security aspects.
As printers are seemingly harmless, that’s the exact reason it poses a serious threat. Sometimes, the best attack vector for an attacker is the one to which no one bothers to think about. However, a recent IDC survey found that 35 percent of all security breaches in offices were traced back to an unsecured printer or multi-function device, costing companies $133,800 each year.
Why Companies Should Consider Printer as a Security Threat?
As printers are the essential inventories to business from small organizations to huge corporate level organizations and are ignored when it comes to vulnerability management and assessment. Enterprise security tools are only to protect computers and network; they often do not block or monitor access from the printers. That makes the printer a trouble-free approach to the attacker.
Chris Vickery, a white hat hacker and Security Researcher at MacKeeper said: “Getting control of a printer within an organization can provide a foothold for further attacks and a position to ‘pivot’ out of into networks”.
There are some serious effects if the printer gets compromised and used by attacker, like attackers can capture every document sent to the printer. It could be serious business intelligence comprise that no organization can tolerate.
Preventing Data Loss from Printers
It’s too easy to suggest one ultimate security tip to prevent such threat that includes the replacement of outdated printers with newer models that have some latest security features. Furthermore, Data encryption should be introduced to all latest printers to prevent data exposure if compromised. Although it has been adopted by Xerox in March 2016, other companies should also consider this feature to introduce with their products.
In the end, as IT administrators are responsible to configure printer and other multipurpose device in an organization, they should be aware of the threats associated with those devices so some serious countermeasures can be taken prior to the transmission of data.