In 2022, cybercriminals are aiming their sights on vulnerable IoT devices, with printers as a top target. According to Forbes, cybersecurity experts were able to breach 28,000 unsecured printers to show how vulnerable printing devices can be to malicious actors. With a 56% hit rate across 800,000 vulnerable devices, 447,000 could have been successfully hacked. Large corporations, small businesses, and even individuals must understand how the devices they use every day can serve as an open door for malicious actors and how to best fortify their devices to prevent breaches.
Understanding The Risk
As cybersecurity risks have grown more sophisticated and complicated in recent years, more advanced standard frameworks and security guidelines are needed to properly secure sensitive data.
Printers are often an unprotected and overlooked point of entry, making them low-hanging fruit for malicious actors. Printers can store a large amount of user information and provide access to sensitive data such as passwords. Modern multifunction printers have security capabilities, but even so, if not configured correctly there may be unnoticed vulnerabilities; especially with cloud connectivity, which can be manipulated and used to have the device make unauthorized changes such as configuration changes, upload of harmful code to the network, and print job manipulation.
Once a person gains unauthorized access to an IoT device such as a printer, the malicious actor can then use this access to gain control of the user’s network to launch even more cyber-attacks. Securing all IoT devices, including printers, is imperative in creating a security plan. Consider IoT devices such as printers and assess their security measures to help ensure that their security protocols are up to date, as well as create a cyber plan in the case of breaches.
The first step in creating a strong cyber prevention plan is to begin fortifying devices by taking the following actions:
- Assess the environment to identify risks, including the security capabilities of networked printers and multifunction devices.
- Manage and protect valuable information that is managed by systems.
- Implement measures to counter cybersecurity risks (such as unauthorized access and the leak of confidential data).
Developing a Secure Framework
Printers and multifunction devices connect to the network of systems at organizations and handle sensitive information such as document data. Therefore, printers and multifunction devices require the same security measures as other network endpoints. Five elements required to fortify systems are “Identify,” “Protect,” “Detect,” “Respond,” and “Recover.”
By comprehensively implementing measures for these five elements, organizations would not only help to protect themselves from cybersecurity risks, but also effectively discover and recover from cybersecurity risks.
- Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
- Protect: Develop and implement appropriate safeguards to ensure the delivery of critical services.
- Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
- Respond: Develop and implement appropriate activities to act regarding a detected cybersecurity incident.
- Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Identify and Protect
Authentication must be a cornerstone of any organization’s cybersecurity plan. When placing authentication options, one can help ensure that only authorized users can operate the printer and its functions, such as the print, copy, scan, and send functions.
- Login Service (User Authentication): The login service (User Authentication) performs personal authentication based on the information registered for each user, enabling you to limit the users who can access the printing device. You can additionally specify an Active Directory or LDAP server on the network as an authentication server to utilize the existing user information registered on the server.
- Access Management System: You can assign the functions available for each privilege level (role) and create new roles. This enables you to perform more detailed user management, such as "prohibit user A from making copies" or "allow user B to use all machine functions."
- Network Authentication/Access Control: Actions of malicious third parties, such as eavesdropping, tampering, and spoofing during communication, may cause unexpected damage to authorized users. To protect against these vulnerabilities, you can employ Firewall or Proxy settings to help secure your system.
Detect/Respond/Recover
As cyberattacks have become more sophisticated, the importance of the "Detect," "Respond," and "Recover" functions has increased. Cybersecurity measures are required to monitor system operations, and detect, track, and respond to events that may affect systems or the organization.
- Security Monitoring: Cybersecurity measures are imperative to monitor systems operations, detect unusual activity, and respond to cases where system information or security may be at risk or breached. Audit Log Functions allow effective monitoring of systems and the use of devices. Log history can be used to parse through activity that may be suspicious. Information auditing can be useful for printing devices, as it can monitor for:
1. The user authentication log for unauthorized access (or attempted access) to the device.
2. The device usage logs for unauthorized printing, sending, or changing of administrator settings.
- Cyber Resilience: Preparing to detect attacks and having a plan of action to restore systems swiftly will be the cornerstone to help minimize damage and flow of service from breaches. Breaches could go unnoticed, especially if the breach occurred from open protocols from an unsecured printer. Cyber resilience measures that organizations can take are:
o Strong and effective detection methods for breaches.
o Swift response to cyberattacks.
o Restoration of systems to get systems back to their original state.
Looking toward the future, organizations and IT security managers will need to take serious consideration of the security measures that their IoT devices may be lacking. Any vulnerabilities can be exploited and used as a backdoor to system mainframes, where malicious actors can gain access to administrative controls to wreak havoc on the systems, conducting more sophisticated attacks.
Printers are not often thought of when planning cybersecurity for organizations, but it takes just one small vulnerability for someone to gain control. Overall, printers and other IoT devices must be included in the plan for effective cybersecurity measures. IT professionals can help ensure security by implementing authentication and strong prevention and detection practices, as well as continually backing up important information if a breach in systems does occur.
