John Tate (Copyright: CRN)
HP Director of US Commercial Print, John Tate, has issued a warning to his company’s partners about the dangers of unsecured printers.
According to CRN, with “cyber-security breaches at an all-time high” and with fewer than 2 per cent of business printers being secured, the HP exec has urged that “it’s time for solution providers to aggressively move customers to what HP is calling the world’s most secure printers”.
Speaking at an executive briefing session at the 2017 Best of Breed (BOB) conference, Tate revealed that security breaches had increased by 40 per cent in 2016, a number which was sure to be even higher in 2017.
“Seventy-one percent of all breaches start from an endpoint,” said Tate, noting Nest thermostats, internet-connected appliances, Fitbits and, of course, printers are all vulnerable to attacks. “All of these things are endpoint devices that make your network susceptible to breaches …Printers are not an exception.”
Tellingly, research conducted by Ponemon Institute, a consulting firm, discovered that 60% of IT managers felt they had suffered a printer breach, and 53% realised their printers were vulnerable but, as Tate said, “The shocking thing is very few are taking action”. He continued, “How many of you have yellowing printers that have been there for years?”
It was revealed that a mere 18% of decision makers in the IT world are concerned about printers, with 91% being concerned about PCs, according to Tate.
This lack of concern could be detrimental to businesses, given that HP has identified “nine vulnerable printer areas”.
These are “BIOS and Firmware, Management, Network, Hard Drive, Control Panel, Capture, Input Tray, Output Tray and mobile printing.”
HP’s reaction to the threat has been to unleash “a massive innovation offensive” that includes extensive security features on all HP 500 and 600 commercial enterprise products including HP SureStar BIOS protection; HP whitelisting firmware; HP runtime intrusion detection, which keeps printer memory safe, and HP JetAdvantage Security manager software.
HP will also be utilising its HP Connection Inspector, available via a firmware update. This embedded security feature “aims to prevent rogue malware attacks with artificial intelligence capabilities.”
Ominously, Tate warned during the conference session that the “security threat at the endpoint is going to get even worse in an internet of things world” and events such as the notorious Target hacking in 2014 are liable to become more common.
“This is real big business now,” said Tate. “There is a tremendous risk with all that is going on, and it is growing.”
Pat Grillo, founder and CEO of Atrion, a New Jersey-based company, “applauded HP for shining the spotlight on the printer vulnerabilities”.
“It is great what HP is doing,” he said. “The problem is people are not looking at security enough even with all the news of the breaches on TV and in newspapers. They are not taking the time to look at their whole network and what is going on. They are growing their networks faster than they are growing their security.”
In addition, Bob Venero, CEO of New York-based Future Tech, “said he is doubling down on HP building a secure print and 3D printer business.”
“We are building a whole division around this,” he said noting that he expects to triple that HP secure printing business over the next 12 months. “We are going hard after this. Customers have no idea of the risk for nonsecure print. It is a potential catastrophic entry into a customer’s network. Customers that don’t see that and protect it are vulnerable. Print is a node on the network. At the end of the day, it is like leaving a laptop, password unprotected, out in the public for people to just come in and use. It is essentially the same thing.”