The threats posed by devices in the Internet of Things category are slowly teaching us that very few devices and even objects around the home should be disregarded as a possible point of entry.
Despite this, there are still many gaps, according to HP boss George Brasher, Managing Director of the UK and Ireland at HP, the humble printer is still being overlooked in many cases as an entry point that can link an adversary to the entire network.
With cyber security being the most ubiquitous it has ever been, organisations should be leaving no stone unturned when it comes to security. Any device that is an end-point is a boulder, and printers slot into this category perfectly.
George Brasher said: “The number of end-point attacks and their severity has gone through the roof… If you look at the attacks more than 70% are coming from end-points.” Mr Brasher told CBR that most printers tend to have up to 250 settings, and should be treated just like a computer.
Mr Brasher put the sophistication of the modern printer into perspective, he said: “A printer is no different than a PC, I always say a printer is a PC with gears and sprockets; it has got a hard drive, an operating system, a middleware layer, an application layer it can send and receive email. It can go to the cloud, it can get back from the cloud it can do everything that a PC can do, but half of IT administrators don’t think about it.”
With HP boasting devices that have been built around security, Brasher remained realistic, and showed awareness of the current cyber threat landscape, making clear that no one can seriously claim to offer an impregnable system or method of cyber protection.
Mr Brasher was clear that nothing is completely fail safe, he said: “So you want to protect, but you realise bad guys are always going to get in at some point, so then you need to detect it and repair it. We have designed out entire portfolio around that.”
Although making no claims of impenetrable security, he detailed his thoughts on HPs comparison to the approaches of competitors weathering the same challenging security situation.
Describing the benefits of an integral HP security component, Mr Brasher said: “we have a technology called Sure Start that we have on our pcs and printers, the idea behind Sure Start is that in most end-point devices you’ve got firmware, which is just software that is imbedded physically in the hardware, and with our Sure Start solution, the first thing it does is asks has it been altered at all? If the answer says yes, it says we are not going to boot, it stops the boot, discards that firmware, and replaces is and then starts all over again.”
Explaining his confidence in HP, Mr Brasher told CBR: “We have been focussed on security since the beginning, so we chair some of the industry security bodies; we have a lot of firsts, in terms of being the first ones to bring to market, or the only ones to have in the market security solutions.”
A characteristic of the current cyber threat landscape is the human element, which is perhaps not fully realised from the outside, but mistakes, psychological tricks to enhance fishing attacks and other real world approaches to cybercrime are prevalent.
With people more and more commonly using devices out in the world and on the go, and particularly for conducting work and other business, these areas are targeted by malicious actors. Mr Brasher outlined the potential simplicity of some threats saying: “let’s forget about the network for a second, just visual hacking, looking over somebody’s shoulder on their PC; we have thought about that and it is something you’ve got to consider”.
In relation to this particular area, Brasher mentioned that the new HP PCs will include a function that will enable an inbuilt screen to prevent your activity being watched from someone nearby looking at your screen. Although comparatively minor compared to the need for sturdy internal security, it represents an appreciation of the entire threat spectrum.
Carelessness is another simple trait that is easily exploited to great effect by adversaries. Brasher specified one that can be remedied in a business setting. He made the suggestion, and said: “Having security on your printing devices so that you have to come up with your badge and authenticate to get your printouts, because you don’t want to leave them laying around as they may have private data or company data on them.”
The recognition of the breadth of the threat spectrum and appreciation of simplistic criminal threats to cyber security out in the world represents the importance of a greater level of general awareness. The individual must remain constantly aware of their own physical surroundings and handling of documents and data, so there is little excuse for an organisation to leave end-point devices such as printers unsecured for hackers to launch a massive botnet assault.