11 Oct 2019
Last week, we discussed endpoint protection for mobile devices, and how cybersecurity threats tend to crop up in the most unexpected places. Now, based on an August report, we know that you may be overlooking another mundane but crucial vulnerability in your organization: the office printer. A Saturday panel at DEF CON, the hacking convention based in Las Vegas, featured a team of security researchers and their findings on this newfound cybersecurity nightmare. According to Daniel Romero and Mario Rivas, researchers at NCC Group, several name-brand printers represent a serious risk to office security. The research reported “remote vulnerabilities” in tested printers when it came to multiple different attack vectors, which means that out of all the potential liabilities in your organization, the innocuous printer may be the easiest point of entry for cyberattackers. And seeing as purchasing a printer is rarely debated beyond their functionality, entities from small businesses to government departments are at risk.
What’s At StakeRomero and Rivas conducted a six-month study on printers manufactured by Xerox, HP, Lexmark, Kyocera, Brother, and Ricoh. Their research initially turned up sizeable weaknesses that made the devices susceptible to Denial of Service (DoS) attacks, but of more concern is the possibility of hackers using printers to invade corporate networks using remote code execution and bypassing security layers. In the end, the manufacturers were alerted and worked to update and secure their printers against the vulnerabilities Romero and Rivas discovered. But this is hardly the first instance of Internet of Things (IoT) devices posing a problem for cybersecurity; in fact, in many cases, corporate IT security teams tend to overlook them altogether. Some even fail to realize that printers are connected to the company network. This blind spot hasn’t gone unnoticed, however. Over the next few months and years, IoT cybersecurity is lined up to become one of the major themes in information security. It may take awhile for these disclosures and research to catch up with the billions of IoT devices being incorporated into companies and homes nationwide, but in the meantime, checking and patching your printer is more important than ever.
Keeping Up With the TimesYour organization is a highly dynamic entity with lots of moving parts, and with so much shuffling around from day to day, it’s easy for small yet high-risk vulnerabilities to slip through. To stay safe and vigilant, you need a safety net as adaptable and wide-reaching as you are. Our IT Security Assessment doesn’t stop at evaluating your defensive technology—it also offers enhanced tactics to take your security awareness to the next level, including endpoint compromise, USB drops, black box placements, and more. We provide the following key services as part of our IT Security Assessment:
- Vulnerability and Penetration Testing
- Extensive Firewall Evaluation
- Social Engineering Evaluation
- Antivirus Best Practices Evaluation
- Network Security Best Practices Evaluation
- Remote Location (Branch) Evaluation
- Remote Access Evaluation
- Telco-Testing/War-Dialing Evaluation
- Wireless Security Evaluation