October is cybersecurity awareness month, marking a four-week period many of us spend pondering things we should be putting into practice the other 48 weeks of the year. But do we really? Apparently not.
As I mentioned in a recent Blog, ransomware and hacking attacks can strike anywhere – even at my own healthcare provider. That local attack brought a large regional healthcare system to its knees, as work processes normally managed by their Electronic Medical Record (EMR) system were suddenly thrust back to the literal pen-and-paper age. Two months later, they’re finally getting back to normal.
Obviously, hospitals aren’t the only organizations at risk of cyberattack. Recently, companies as varied as Sony Corporation, an Australian mobile phone company, a UK-based IT services provider, a major Las Vegas casino, and the city government of Dallas, Texas have fallen victim to malware and/or ransomware attacks.
“Wait a minute,” I hear you saying. “LRS is a print and output management software company. What does cybersecurity have to do with print?” As it turns out, quite a lot.
Recent research by the analyst firm Quocirca surveyed IT decision makers about their security challenges. More than half of respondents said security was their top priority and over two-thirds of them said their organizations had experienced data loss in the last 12 months due to unsecure printing practices. Nonetheless, print security was low on the list of their overall security concerns.
It shouldn’t be.
Why? For one, the business world has changed in ways we couldn’t have imagined only a few years ago. At the same time that state-sponsored cybercrime groups are on the rise and ransomware-as-a-service has become a thing, companies around the world have begun to embrace work-from-home and hybrid working arrangements for many of their employees. This was a natural response to the COVID epidemic, but it has introduced millions and millions of new attack surfaces in the form of unsecured printers and MFPs.
But wait, there’s more. Even output devices inside the corporate network can present a security threat, depending on how they are managed and maintained. What makes them an ideal attack surface?
- They have IP ports that enable them to connect to the internal corporate network and in some cases the public Internet
- They typically rely on device drivers, which are difficult for administrators to validate and update across large fleets of printers and MFPs
- They have hard drives that store data from an organization’s most sensitive business documents
- Many have the ability to receive and send email, as well as wirelessly connect to users’ mobile devices for convenient ad-hoc print
- They sometimes have unsecured USB and other physical ports that offer a way to discreetly load malware
- They are an afterthought. They are “somebody else’s problem.” They are everywhere.
Do we have your attention yet? Good. So what can an organization do about it? Stay tuned – Cybersecurity awareness month is just getting started. Watch this space to learn how organizations large and small are addressing the vulnerabilities in their print, scan, and output environments.