- Departments often do not collaborate by buying new printers, risking the purchase of defective equipment
- Neither do they patche on time or enough, leaving the doors torque
- Hardware of the dismantling office is also a problem
Computer pirates could be using their commercial printer as an easy back door in their corporate network and all devices connected to it, experts warned.
A new HP Wolf Security report describes how most companies neglect their printers throughout the life cycle of the device, finding only one third (36%) of respondents apply firmware updates as soon as they are available.
Firmware updates are vital, since they often address newly discovered vulnerabilities, and if they do not apply, cybercriminals do not have to look for blind defects, they know exactly where and how to hit and move.
Four stages (of the printer apocalypse)
But firmware update problems are fair during the ongoing management stage, since the report indicates that the life cycle of a printer has four stages, including the selection and incorporation of suppliers, remediation and dismantling and the second life.
During all these stages, printers are exposed to different risks, including the lack of acquisition collaboration, RFP without control and the inability to verify the integrity of the printer.
The report also found that most companies see data security as a barrier for the reuse, resale or recycling of the printer, and only one third (35%) said they were not sure whether printers can be cleaned completely and safely.
At the same time, a room believes that it is necessary to physically destroy printer storage units, while one tenth insists on destroying both the device and its storage units.
“Printers are no longer only harmless office accessories: they are intelligent and connected devices that store confidential data,” warns Steve Inch, Global Senior Printing Printing Strategist HP Inc.
“With the update cycles of several years, unbelief printers create long -term vulnerabilities. If compromised, attackers can harvest confidential information for extortion or sale. The incorrect option can leave blind organizations to firmware attacks, manipulations or intrusions, effectively establishing the welcome mat for the attackers to access the living network.”
