Protecting yourself or your organization from today’s growing cyber threats has become increasingly difficult. Although you may have antivirus software installed on your system and avoid clicking suspicious links in emails, cybercriminals still manage to get through. One of the ways in which they have begun to do so is through connected devices, as many of them lack the security protections employed by our smartphones and computers.
While printers existed long before the internet, device manufacturers have added new smart features along with Wi-Fi and Bluetooth connectivity to allow users to print documents and photos more easily. However, by connecting these devices to the internet, manufacturers have inadvertently opened them up to hackers. To learn more about printer security and how we can protect our devices from cyberattacks, TechRadar Pro spoke with Brother International’s director of B2B solutions Bob Burnett.
Why do you think that many organizations and consumers take printer security for granted?
Many times, people don’t see printers as being ‘high tech’ when in fact they were the original IoT device. I think part of the problem is that the name ‘printer’ belies what these devices have become; they have evolved from singular-purpose to multifunctional document hubs that can access nearly every point of an enterprise’s data, which is enormously helpful for workflow and document management, but can lead to security vulnerabilities if proper safeguards aren’t put in place.
What kind of attacks can a cybercriminal launch within an organization once they’ve compromised a network connected printer?
Security breaches often start from a user clicking on malware embedded in an email, and then that malware is used to, among other things, gain control of other network resources including print devices. Unsecured print devices can then be used to gain social information such as names in an address book or device activity reports, which can be leveraged for additional phishing attacks. In fact, only recently a well-known hacker group made headlines for compromising a wide array of companies and NGOs with attacks that targeted unsecured printers to gain this information.
Furthermore, once a bad actor successfully establishes access via an unsecured printer, it’s rudimentary for them to perform a network scan to identify and attack other insecure devices, climbing higher and higher on the network ladder into more privileged, higher-value access. From there, they can cripple the system with a malware attack, or steal confidential information undetected. Meanwhile, those same devices can be converted into malware bots themselves and used to attack other organizations without your knowledge. If your firewalls and other cybersecurity measures are a fence, then an unsecured printer is an unlocked gate, leaving you totally vulnerable and exposed.
Does Brother currently have a bug bounty program for discovering security flaws in its devices and if not, are there plans to implement one in the works?
We do not currently have a bug bounty program; however, we have contracted with IT services companies to test our security protocols and strive for continuous improvement. It’s an ongoing discussion at Brother.
Is your company taking any measures to encourage customers to patch their printers and update their firmware regularly?
Many of our products have the ability for Brother to push firmware updates directly to a network-connected device, meaning the user will get a notice on the LCD display that a firmware update is available and can be installed on the device.
What steps is Brother taking to secure its printers and other connected devices?
Besides our own internal testing, we also work with outside security consultants to evaluate our products. We also follow all the latest laws regarding connected and IoT devices and update our products to meet any new regulations.
Speaking of the products, first and foremost, Brother’s printers are intentionally designed without hard drives so that they do not retain any data within the device after an action is performed. On so many other printers, anyone with a thumb drive could walk by and upload whatever documents had recently been processed; far too many businesses spend enormous amounts of money protecting data when it’s on servers, and then leave it totally exposed on printers.
Furthermore, Brother printers have IP filters that can restrict or grant access to a user based on their IP address, automatically blocking unauthorized requests without the proper credentials. We offer password and PIN protection to safeguard customers’ sensitive information, and also ensure compliance with all 20 CIS controls.
But hardware is only half the picture for Brother when it comes to device security. How the product is installed and maintained is equally important. For large enterprises, that usually means the Brother team or its authorized channel partner visits its customers onsite, assesses their setup and needs, then works with the customer to tailor IT operations for maximum usability and workflow as well as security.
What advice would you give to organizations looking to improve the security of their printers and other IoT devices?
Change the default administrator password! It’s a slap-your-forehead mistake we see time and time again. Just because something’s super simple doesn’t mean it’s not super important.
Big picture, any IoT security problem needs to be addressed with a two-pronged approach. First, a lot of security issues are actually caused by accident, so teaching the members of your organization how to be responsible with their devices is step one. The second prong is to make sure that you’re always staying current with the firmware and implementing software updates. As a corollary, you want to do your research on what security measures are available for your specific device.
Where do you see the print industry in the next five years and are there any big changes or new innovations on the horizon?
I see printers as a beachhead for digital transformation. An under-discussed component to digital transformation is that it can be costly, in terms of both money as well as time. For instance, step one is usually digitizing mounds of paper documents, and even that initial process is often out of reach for many SMBs and mid-sized businesses.
Brother is at the forefront of an industry trend in that we are retooling our lineup to allow increased integration with third-party apps. From approval automation to workflow tracking and analysis, our customers are increasingly able to navigate these mission-critical elements right from their printers, scanners, and other multifunctional devices. This way, digital transformation isn’t such a binary proposition for businesses, i.e. you either shell out a bunch of money, or you don’t do it at all. The quote-unquote ‘humble’ office printer has a big role to play in digital transformation and knowledge management over the next five years thanks to its unique flexibility.