Share

Top 5 Stories

News

Printer-related security breaches affect 63% of enterprises

14 March 2013

Even though organizations are increasingly aware of the damage that can be done to their reputation and customer trust through the misuse or loss of sensitive data, a new report reveals that only 22% of businesses have implemented secure printing initiatives, indicating a low level of awareness of the efficacy of this attack vector.

Accordingly, 63% of businesses surveyed admit to experiencing one or more print-related data breaches.

A Nuance-sponsored white paper published by research and analyst company Quocirca points out that printers are increasingly becoming a security hole for leaking sensitive company or client information. Many organizations are streamlining workflows associated with paper-based documents – either for efficiency, legal or environmental reasons – and the office-based networked and multi-functional printer (MFP) printer is playing a greater role in helping them achieve their document-related goals.

Despite the greater reliance on MFPs and their role in the document lifecycle, many businesses leave themselves exposed to potential data breaches, both policy and device-related. However, some verticals are more at risk than others. When breaking down the 63% of companies that have been breached via printer technologies, 66% of financial services had at least one print-related security breach; but only 16% (under one in four of those) had more than one – indicating that they learned from their mistakes. In contrast, the public sector, where 90% of organizations had at least one breach, 35% (just under one in three) expereinced more than one incident.

Quocirca noted that in previous research it found that the top three reasons for print security not being adopted were low priority (92%), unawareness of benefits (71%) and lack of a print security strategy (65%). Many businesses still appear to be unaware about the security risks that MFPs pose, and what solutions are available to mitigate such risks.

“Clearly businesses are not doing enough to protect their printing environment, exposing themselves to the potential financial and legal ramifications of print-related breaches,” Quocirca noted. “Businesses may be working hard to protect electronic data across email, PCs, laptops, mobile devices and USB sticks, however the threat of data breaches remains if the one time any confidential or sensitive information is printed, it is left exposed to unauthorized access.”

As for mitigation strategies, secure printing, also known as pull printing, ensures that documents are only released upon user authentication, using a PIN code, smart card or biometric fingerprint recognition, the firm noted. Secure pull printing also reduces waste by eliminating unclaimed documents from ever being printed in the first place and provides printing for mobile users, enabling print jobs to be released at any MFP across the network.

Audited MFP usage, meanwhile, supports compliance needs. Many secure printing tools offer audit and reporting capabilities to track print, copy, scan and fax usage. User authentication enables businesses to monitor who printed what document at what time and on which device. This provides an audit trail and enables patterns of misuse and/or waste to be identified.

Some printer manufacturers are offering options to lock down the printing environment as well. HP last autumn launched a new program that offers secure authentication for all online printers, as well as a management suite for identifying vulnerabilities, such as Java vectors. HP’s upgrade is primarily aimed at the healthcare vertical, where security and privacy compliance for patient records are always top-of-mind. The medical arena is far from paperless, with the printing of patient records still an endemic process. Thanks to those printers being more often than not connected to the LAN by IP, hackers have increasingly focused on the printing environment in order to intercept patient data, often unbeknownst to staff.

Even so, as ever, a multi-pronged strategy is always encouraged. “An organization’s information security strategy can only be as strong as its weakest link and, given the continued reliance on printing amongst many businesses, print security is no longer something they can choose to ignore,” the white paper authors said. “Although pull printing is one approach to minimising potential data loss through unsecured printing, print security demands a comprehensive approach that includes education, policy, and technology.”

This article is featured in:
Data Loss  •  Identity and Access Management  •  Industry News  •  Internet and Network Security  •  Malware and Hardware Security  •  Public Sector

 

Comments

Alan Sukert says:

15 March 2013
We’ve been very vocal about the need for IT pros and employees to stop overlooking networked MFPs as possible security threats to the network for some time now. These devices function in the same way as PCs and should be treated as such. In fact, we believe so strongly in protecting the printer that we recently partnered with McAfee and Cisco to create a first-of-its-kind security solution for printers – using white-listing technology which stops attacks before they reach the device and protecting the paths to and from the network. Hopefully, with increased knowledge of the risks involved and better protection for these device we’ll see these percentages decrease in the next few years. For more information, visit: www.xerox.com/security.

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×