Check what’s leaking out of your networked printer

Have you ever been frustrated by the complexity of the office printer/copier? These behemoth systems do far more than just make copies, confusing their users, and opening up vulnerabilities to the company. Although copying may be the main business of the machines, they can also scan, fax, send and receive vital company information — all in one place. Essentially, these machines have become a networking hub within the workplace, where each new action or service provides a new opportunity for exploitation wirelessly, by ethernet cable, or by both.

Researchers have recently been investigating access to printer/copiers as a potential opportunity for information leakage, industrial espionage, or even sabotage. In a January 2017 Quocirca survey of 200 US and European businesses, more than half reported some data loss through intercepted print jobs (50%), access and loss or theft of printer hard disk data (48%), documents emailed externally (44%), or outright hacking of the printer system to gain company network access (18%). Some hackers have been very clever in attacking these systems.

SWIFT Transactions 

Hackers were able to cause confusion in both business and banking by disabling the printers used to confirm SWIFT network transactions at Indian banks, as in the attack against India’s City Union Bank in February this year. By the time the problem had been identified, the systems shut down and rebooted, and the accounts reconciled the next day, when bank officials determined that three fraudulent payment transactions had been made, the criminals had been able to walk away with one million dollars.

Healthcare access 

Printers are a central focal point for a wide variety of personal healthcare data, making them a tempting target for cyber criminals and a key entry point into the healthcare community for ransomware. The Mamba ransomware can be used to shut down printers while spreading across the network by way of the Server Message Block (SMB) protocol, where it can access files on remote servers and other resources, enabling a client application to read, move, create or update files. Although the frequency of reported ransomware appears to be slowing down, both the magnitude and threat levels of ransomware attacks have increased. A company hit with a ransomware attack can expect to pay large sums of money to have its systems restored, if they are restored at all.

Beware of printer memory!

Normally, documents are cleared when the printer is powered off. However, many printers come with built-in hard drives or other memory devices, where the printer can retain copies of the documents after the print jobs or faxed documents are complete and the printer has been turned off. Know your printer specifications and how to delete critical information from memory.

Do I need to provide printer protection? The answer is, “Yes! By all means.” Here are some tips to protect your printer.

1. Make sure to monitor printers through your security information and event management (SIEM) systems, to authenticate employee access to printing devices.

2. Consider the printer to be a server, and protect and monitor it as carefully as you do your server systems.

3. System logs for the printer should be recorded in a central syslog repository and routinely reviewed. When suspected unauthorised activity occurs, conduct an audit to determine who is attempting to enter, and who is entering, your printer.

4. If possible, make sure your printer is on a segregated portion of your company network, such as a virtual local area network (VLAN), where it is isolated from your core server.
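One way to carry out the routine review described in tips 3 and 4, as an added example that is not part of the original article: the script reads printer authentication events from centrally collected syslog text and reports sources with repeated failed logins, plus any access from outside the printer VLAN. The log layout, host names, threshold and the 10.20.30.0/24 range are constructed assumptions; real printer log formats differ by vendor.

```python
import ipaddress
import re
from collections import Counter

# Assumption: only hosts in this range (the printer VLAN) should reach printers.
ALLOWED_NET = ipaddress.ip_network("10.20.30.0/24")
FAILED_LOGIN_THRESHOLD = 3  # failures per (printer, source) before reporting

# Constructed sample lines; not taken from any real device.
SAMPLE_LOG = """\
<134>Mar  3 09:14:02 prn-floor2 auth: login failed user=admin src=10.20.30.15
<134>Mar  3 09:14:09 prn-floor2 auth: login failed user=admin src=10.20.30.15
<134>Mar  3 09:14:15 prn-floor2 auth: login failed user=admin src=10.20.30.15
<134>Mar  3 09:20:41 prn-floor2 auth: login ok user=jsmith src=10.20.30.22
<134>Mar  3 11:02:33 prn-lobby auth: login ok user=service src=192.168.7.40
<134>Mar  3 11:05:10 prn-lobby job: print complete user=jsmith pages=4
this line is malformed and must be skipped
"""

EVENT = re.compile(
    r"^<\d+>(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) auth: "
    r"login (?P<result>ok|failed) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def review(log_text):
    """Return (repeated_failures, outside_vlan) from printer auth events."""
    failures = Counter()
    outside = []
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # not an auth event, or malformed
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # src field is not a valid IP address
        if m["result"] == "failed":
            failures[(m["host"], str(src))] += 1
        if src not in ALLOWED_NET:
            outside.append((m["ts"], m["host"], m["user"], str(src)))
    repeated = {k: n for k, n in failures.items() if n >= FAILED_LOGIN_THRESHOLD}
    return repeated, outside

if __name__ == "__main__":
    repeated, outside = review(SAMPLE_LOG)
    for (host, src), n in repeated.items():
        print(f"{host}: {n} failed logins from {src}")
    for ts, host, user, src in outside:
        print(f"{host}: {user} connected from {src} (outside printer VLAN) at {ts}")
```

Both findings are starting points for the audit in tip 3: the first shows who is attempting to get in, the second shows a successful login that the VLAN isolation in tip 4 should have prevented.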

Digital Risk Management Strategy 

For businesses, it is becoming increasingly important to have a comprehensive digital risk management strategy for the organisation. According to recent statistics by several organisations, 69% of businesses increased their cybersecurity budgets last year and more will do so this year. But throwing money at the problem may not be the best way to solve this growing problem. The solution must stem from an integrated Digital Risk Management Strategy.

Digital Risk Management refers to the identification and mitigation of any exposure to danger, harm or loss by a business through their computer or electronic devices or cyber business processes, which in today’s world includes nearly everything. An effective management strategy now requires all C-levels of an organisation to review, analyse, and own their processes. In the past, digital risk management was for most businesses only in the purview of the CIO and the IT department. Today, this needs to be a company-wide, shared responsibility.

The strategic goal is to balance a company’s exposure to potential threats, identify needed protections, and ultimately build resilience into the organisation systems and operations to disrupt potential threats, minimise system failures and prevent financial loss.

Several new trends have led to the need for a digital risk management strategy, including the exponentially increasing use of smart devices by both customers and employees, as well as the corresponding increase in penetration of these devices by criminals.

As these devices have become more available, customers have developed expectations of ubiquitous online access. To be competitive, businesses must respond to customer needs, improving access to business websites and improving business processes, which can only be done through application of advanced digital technologies. Unfortunately, these advanced technologies come with a price. That price is additional opportunities for criminals to gain access to business systems and operations.

Companies must seek and hire qualified personnel with the right skills and experience. This includes cyber security analysts, data scientists and IT personnel, who must be given the appropriate tools and methodologies to monitor, identify and reinforce the business security infrastructure.

The digital risk management programme must target cyber threats identified and monitored by these professionals, limit infrastructure exposure as much as possible, identify opportunities for data loss and stem the leakage, conduct training and educate all employees. At a minimum, annual training should be given to all employees. For success, repeat as necessary!

(Iyengar is Director, School of Computing and Information Sciences, Florida International University; Miller is Associate Director, Robotics and Wireless Systems, Discovery Lab, FIU)