by Steve Burke on October 10, 2017, 8:00 pm EDT
With cybersecurity breaches at an all-time high and less than 2 percent of business printers secure, it's time for solution providers to aggressively move customers to what HP is calling the world's most secure printers, said HP Director of U.S. Commercial Print John Tate.
Security breaches were up 40 percent in 2016, and that number will inevitably increase even more this year, said Tate in an executive briefing session at the 2017 Best of Breed (BoB) conference during the session titled, "How Printers Can Expose Your Endpoint Security Strategy."
"Seventy-one percent of all breaches start from an endpoint," said Tate, noting Nest thermostats, internet-connected appliances, Fitbits and, of course, printers are all vulnerable to attacks. "All of these things are endpoint devices that make your network susceptible to breaches …Printers are not an exception."
[Related: Best of Breed 2017 Conference Coverage]
The consulting firm Ponemon Institute found that 60 percent of IT managers believe they had a printer data breach and 53 percent of IT managers realize printers are vulnerable to cybercrime.
"The shocking thing is very few are taking action," said Tate. "How many of you have yellowing printers that have been there for years?"
Only 18 percent of IT decision makers are concerned about printers, while 91 percent are concerned about PC devices, said Tate.
That lack of concern on printers is a big problem given that both printers and PCs have BIOSes and firmware, network connectivity with internet and email access and hard drives on both devices, said Tate.
HP has identified nine vulnerable printer areas: BIOS and Firmware, Management, Network, Hard Drive, Control Panel, Capture, Input tray, Output tray and Mobile printing.
HP has responded to the printer security threat with a massive innovation offensive that includes extensive security features on all HP 500 and 600 commercial enterprise products including HP SureStar BIOS protection; HP whitelisting firmware; HP runtime intrusion detection, which keeps printer memory safe, and HP JetAdvantage Security manager software.
HP is also set to ship in the next several months its HP Connection Inspector – an embedded security feature available via a firmware update that aims to prevent rogue malware attacks with artificial intelligence capabilities.
The security threat at the endpoint is going to get even worse in an internet of things world with more than 25 billion devices expected to be connected to networks, said Tate. "It is huge, and it is going to keep growing," he said. "We are entering an unprecedented age of hacking."
The infamous hack on retail giant Target in 2014 which resulted in the personal details of 110 million Target shoppers being exposed came from network credentials stolen from a Target heating and ventilation supplier, said Tate. "They contracted out to a company to maintain certain temperature for warehouses and stores," he said. "That system was breached and the hackers got all the way through to the retail point of sale system where they actually scanned credit card information. It is not just protecting the device but the access to the rest of the network."
Hacking has moved from teenagers to organized groups in Eastern Europe, state-sponsored hacking and industrial espionage, said Tate. A U.S. Steel manufacturer with a proprietary product was hacked by a Chinese company that infiltrated their systems, stole the data and brought the product to market faster than the U.S. manufacturer. "This is real big business now," said Tate. "There is a tremendous risk with all that is going on, and it is growing."
Pat Grillo, the founder and CEO of Atrion, Branchburg, N.J., a top security solution provider, applauded HP for shining the spotlight on the printer vulnerabilities and taking aggressive measures to stop the attacks proactively. "It is great what HP is doing," he said. "The problem is people are not looking at security enough even with all the news of the breaches on TV and in newspapers. They are not taking the time to look at their whole network and what is going on. They are growing their networks faster than they are growing their security."
Grillo recently closed a security deal that the customer kept putting off one budget cycle after another until a ransomware attack hit them. That customer rushed through the security purchase in a few short days after the breach.
Bob Venero, CEO of Holbrook, N.Y.-based solution provider Future Tech, No. 119 on the 2017 CRN Solution Provider 500, said he is doubling down on HP building a secure print and 3D printer business.
"We are building a whole division around this," he said noting that he expects to triple that HP secure printing business over the next 12 months. "We are going hard after this. Customers have no idea of the risk for nonsecure print. It is a potential catastrophic entry into a customer's network. Customers that don't see that and protect it are vulnerable. Print is a node on the network. At the end of the day, it is like leaving a laptop, password unprotected, out in the public for people to just come in and use. It is essentially the same thing."