Choosing a printer these days is more than about the print resolution or the speed of printing. It turns out, the humble printer sitting in the corner of your office is the weakest link in an office network and poses as a security threat in the event of a breach.
It is this piece of hardware that is the most overlooked and neglected. I mean, who would have ever thought that the printer could be a conduit in a cyber security attack.
Yesterday, I sat face to face with one Boris Balacheff, Chief Technologist for System Security Research and Innovation at HP Labs, HP Inc (NYSE: HPQ) to understand the security threats facing organisations today. Gone are the days when a cyber criminal was just listening or eavesdropping on Internet chatter and traffic. Today, hackers are destructive, they seek and disable systems altogether and sometimes want compensation in return to have the systems restored.
No doubt, anti-virus companies have become more sophisticated in detecting and quarantining malware, but a software approach to this threat is simply not enough. According to Balacheff, Microsoft has made great advancements in addressing the issue at the operating system level for hardening the security systems that is available today.
HP Inc has taken it down to the hardware level, said Balacheff. Think about it, you can reboot and reinstall your operating system, but if the malware is still persistent at the firmware level on your printer, there is nothing much you can do about it.
Printer is one hardware that typically has a longer lifespan. An organisation can keep a printer for as long as five years and that is a long time for a malware to stick around and replicate itself in any environment.
Balacheff has spent the last twenty years researching and implementing solutions for this and he says that HP is the only printer company that has the foresight to build security solutions around this end-point.
But most organisations are only scratching the surface when it comes to securing their IT infrastructure – there are many issues like a huge deficit in skill sets in this space and a lack of understanding about what exactly can go wrong.
Business leaders and security experts are speaking different languages, like Greek and Latin, and this compounds the problem of what is happening in the corporate world. There isn’t a common lexicon for them to ascertain the risk that security threats are posing today.
Balacheff said that HP can help organisations ascertain the security gaps in their setup, come up with suitable recommendations that they can act on.
HP is also running a Bug Bounty Programme and inviting hackers to kick the tyres, so to speak.
As I was leaving the interview, I was confronted by one thing – whether the real threat was from the outside or from within business organisations – there seems to be an inertia and CXOs only react when they are confronted by a real cyber-criminal. It may be too late for these organisations. If only more people listened to Balacheff.