A recent survey of 200 enterprises with over 1,000 employees in the UK, France, Germany and the US by business and IT analyst firm Quocirca revealed that 61% admitted suffering at least one data breach through insecure printers. Modern multi-function printers come with a host of features to print, copy, fax, scan and e-mail documents, making them, in effect, computers themselves and therefore potentially vulnerable to cyber-attack.
Multi-function printers are vulnerable to four main security weaknesses: printed documents left unclaimed in print trays, images stored on local printer hard drives, unauthorised access to the printer and several network vulnerabilities such as those using the fax functionality.
Examples of cyber-attacks have included: disabling printers for ransom, accessing insecure printers for vandalism and pausing print queues while data is extracted. Open network ports leave the printer vulnerable to unauthorised remote access which in turn could lead to data theft or their use in denial of service attacks.
Improperly decommissioned printers have the potential to be exploited for business records still in the printer’s memory.
Recent research also identified 3,800 3D printers that were left exposed online without a security password, leaving them vulnerable to interference. Users had failed to set up this fundamental security precaution through convenience or ignorance meaning hackers could either steal the 3D model plans or alter key parts of the plan to make the printer produce defective items.
The vulnerabilities outlined above show that cyber security for printers should receive as much attention from organisations as other parts of their IT estate when establishing security controls.
Read the full article here.