Secured! Think Again About That Printer in the Corner

In many organizations the printers are used too often and in some it is collecting dust, apparently, it’s the best target that can be used as an attacking surface. There are countless companies who don’t bother about updating the firmware of their printers, leaving their documents open to attackers. The inventories like printers and others are not even discussed in annual security audits and are assumed to be useless in security aspects.

As printers are seemingly harmless, that’s the exact reason it poses a serious threat. Sometimes, the best attack vector for an attacker is the one to which no one bothers to think about. However, a recent IDC survey found that 35 percent of all security breaches in offices were traced back to an unsecured printer or multi-function device, costing companies $133,800 each year.

Why Companies Should Consider Printer as a Security Threat?

As printers are the essential inventories to business from small organizations to huge corporate level organizations and are ignored when it comes to vulnerability management and assessment. Enterprise security tools are only to protect computers and network; they often do not block or monitor access from the printers. That makes the printer a trouble-free approach to the attacker.

Chris Vickery, a white hat hacker and Security Researcher at MacKeeper said: “Getting control of a printer within an organization can provide a foothold for further attacks and a position to ‘pivot’ out of into networks”.

There are some serious effects if the printer gets compromised and used by attacker, like attackers can capture every document sent to the printer. It could be serious business intelligence comprise that no organization can tolerate.

Preventing Data Loss from Printers

It’s too easy to suggest one ultimate security tip to prevent such threat that includes the replacement of outdated printers with newer models that have some latest security features. Furthermore, Data encryption should be introduced to all latest printers to prevent data exposure if compromised. Although it has been adopted by Xerox in March 2016, other companies should also consider this feature to introduce with their products.

In the end, as IT administrators are responsible to configure printer and other multipurpose device in an organization, they should be aware of the threats associated with those devices so some serious countermeasures can be taken prior to the transmission of data.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...