View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
April 7, 2017updated 10 Apr 2017 5:08pm

HP boss: Have you left the door to your network wide open?

Printers could be the root of a crippling botnet attack so why aren't you protecting them?

By Tom Ball

The threats posed by devices in the Internet of Things category are slowly teaching us that very few devices and even objects around the home should be disregarded as a possible point of entry.

Despite this, there are still many gaps, according to HP boss George Brasher, Managing Director of the UK and Ireland at HP, the humble printer is still being overlooked in many cases as an entry point that can link an adversary to the entire network.

With cyber security being the most ubiquitous it has ever been, organisations should be leaving no stone unturned when it comes to security. Any device that is an end-point is a boulder, and printers slot into this category perfectly.

George Brasher, HP Managing Director, UK and Ireland

George Brasher said: “The number of end-point attacks and their severity has gone through the roof… If you look at the attacks more than 70% are coming from end-points.” Mr Brasher told CBR that most printers tend to have up to 250 settings, and should be treated just like a computer.

Mr Brasher put the sophistication of the modern printer into perspective, he said: “A printer is no different than a PC, I always say a printer is a PC with gears and sprockets; it has got a hard drive, an operating system, a middleware layer, an application layer it can send and receive email. It can go to the cloud, it can get back from the cloud it can do everything that a PC can do, but half of IT administrators don’t think about it.”

With HP boasting devices that have been built around security, Brasher remained realistic, and showed awareness of the current cyber threat landscape, making clear that no one can seriously claim to offer an impregnable system or method of cyber protection.

Mr Brasher was clear that nothing is completely fail safe, he said: “So you want to protect, but you realise bad guys are always going to get in at some point, so then you need to detect it and repair it. We have designed out entire portfolio around that.”

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

Although making no claims of impenetrable security, he detailed his thoughts on HPs comparison to the approaches of competitors weathering the same challenging security situation.

Describing the benefits of an integral HP security component, Mr Brasher said: “we have a technology called Sure Start that we have on our pcs and printers, the idea behind Sure Start is that in most end-point devices you’ve got firmware, which is just software that is imbedded physically in the hardware, and with our Sure Start solution, the first thing it does is asks has it been altered at all? If the answer says yes, it says we are not going to boot, it stops the boot, discards that firmware, and replaces is and then starts all over again.”

HP

Explaining his confidence in HP, Mr Brasher told CBR: “We have been focussed on security since the beginning, so we chair some of the industry security bodies; we have a lot of firsts, in terms of being the first ones to bring to market, or the only ones to have in the market security solutions.”

A characteristic of the current cyber threat landscape is the human element, which is perhaps not fully realised from the outside, but mistakes, psychological tricks to enhance fishing attacks and other real world approaches to cybercrime are prevalent.

With people more and more commonly using devices out in the world and on the go, and particularly for conducting work and other business, these areas are targeted by malicious actors. Mr Brasher outlined the potential simplicity of some threats saying: “let’s forget about the network for a second, just visual hacking, looking over somebody’s shoulder on their PC; we have thought about that and it is something you’ve got to consider”.

In relation to this particular area, Brasher mentioned that the new HP PCs will include a function that will enable an inbuilt screen to prevent your activity being watched from someone nearby looking at your screen. Although comparatively minor compared to the need for sturdy internal security, it represents an appreciation of the entire threat spectrum.

HPCarelessness is another simple trait that is easily exploited to great effect by adversaries. Brasher specified one that can be remedied in a business setting. He made the suggestion, and said: “Having security on your printing devices so that you have to come up with your badge and authenticate to get your printouts, because you don’t want to leave them laying around as they may have private data or company data on them.”

READ MORE: SailPoint President: There is no perimeter anymore, defence must start from within

The recognition of the breadth of the threat spectrum and appreciation of simplistic criminal threats to cyber security out in the world represents the importance of a greater level of general awareness. The individual must remain constantly aware of their own physical surroundings and handling of documents and data, so there is little excuse for an organisation to leave end-point devices such as printers unsecured for hackers to launch a massive botnet assault.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU