Story image

HP New Zealand reveals why your printers might be the biggest risk in your company

16 Mar 17

With so much effort put into securing networks, devices and IT systems, printers and other seemingly innocent office devices are often overlooked. None more so than the humble office printer, which believe it or not can be subject to more vulnerabilities than anyone could ever guess, due to inadequate firewall protection.

We spoke to Grant Hopkins, HP New Zealand’s managing director about secure printing, managed print services and The Wolf web series.

HP has been one of the first vendors to realise that traditional printers and their ports can be in serious danger from attacks.

“Protecting against security breaches is one of the biggest challenges our customers face. HP is helping customers secure their devices, documents and data by defending our enterprise printers with the strongest protection in the industry,” Hopkins says.

Hopkins cites a Spiceworks report titled Unlocked doors: Research shows printers are being left vulnerable to cyberattacks, found only 16% of respondents thought printers are at high risk of a breach; 43% ignore printers in endpoint security.

Another report by Quocirca, titled Managed Print Services Landscape, 2016, found that 61% of respondents experienced at least one print-related data breach in the last year.

HP has developed solutions to tackle printer vulnerabilities, and those solutions cover everything from detection and recovery right through to whitelisting and intrusion detection.

HP Sure Start is the company’s BIOS security protection; whitelisting makes sure only legitimate firmware can be loaded; and Run-time Intrusion Detection is in-device memory monitoring specifically for malicious attacks. Run-time Intrusion Detection is now in new HP enterprise printers and can be added to most printers developed in 2010 through the FutureSmart firmware update.

Hopkins says that HP Labs focuses on a ‘Blended Reality’ future that includes immersive experiences, ambient computing, 3D transformation and security.

“The security lab is somewhat unique in that it conducts R&D for security innovation generally but also focuses on the unique security implications of all the other labs’ innovations,” he says.

A good thing when the world is becoming ever more connected.

IDC’s Robert Palmer has also explicitly named HP as one of the companies that is taking an active approach to addressing problems in the print and document space.

Looking at what HP is doing in the space, Hopkins says that distributed devices and the convergance of the physical and digital world means a new approach to security. 

To do that, he says HP is focused on creating the most secure devices, empowering customers to use HP Managed Print Services for confident and secure computing, as well as pushing the industry forward.

“Since security is mission-critical, HP Secure Managed Print Services (MPS) provides customers with advanced protections along with the most comprehensive device, data and document security. In addition, HP provides the expertise to help customers develop and deploy their print security strategy and then maintain their print environment over time,” he says.

Those services include tools that protect and monitor HP printer fleets, data and documents with visibility. JetAdvantage Security Manager can remediate devices to comform with an enterprise’s printing policies and also provides proof-of-compliance reporting.

“HP’s security consultants work with customers to assess their print security vulnerabilities; build a comprehensive security policy based on business needs and best practices; and, identify and implement solution recommendations to achieve and maintain improved security,” Hopkins says.

HP’s role as a managed print service provider comes with a number of benefits, he says.

  • HP Print Security Advisory Services can help assess customer risks, develop a custom print security policy
  • HP Print Security Implementation Services can help deploy security settings, add security enhancements like device certificates, and integrate printers into SIEM tools
  • HP Print Security Advisory Retainer Service provides on-going access to advisors to evaluate customer security plans on a regular basis 
  • HP Print Security Governance and Compliance Service provides trained experts to monitor and manage print security compliance.

Moving on to print security awareness, HP recently launched a global web series called ‘The Wolf’, starring award-winning actor Christian Slater. It’s not only doing well globally, but is also being well received in New Zealand.

Hopkins explains that the series shows how easy it is for hackers to get into corporate networks.

“In the short film, Slater systematically hacks a company entirely through real vulnerabilities in unprotected printers and PCs—starting in the mailroom and moving up to the executive boardroom,”

“The Wolf is the first of a series of global initiatives aimed at building awareness and creating a sense of urgency around the security vulnerabilities of endpoint devices, like printers and PCs in the office, and help them learn how to close these gaps in their security,” he continues.

He says security is not just about the network or perimeter, but everything and everyone connected to it - including devices. HP believes security is paramount across all devices.

“By integrating security into every part of our systems, HP is not simply protecting devices and vital data, we are reinventing security from protection to resilience, so people and companies can constantly stay a step ahead of the constantly evolving and always disruptive world of attacks,” Hopkins concludes.

ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Kiwis concerned about being scammed – survey
This unease is warranted given the growing sophistication of scammers and their activities, and numbers of attempted fraud.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Interview: Aruba’s NZ country manager talks channel strategy
“What we're taking to market is that message around simplification and having everything in one place.”
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.