Many IT teams are overlooking platform security, leaving concerning security gaps.
This is among the findings from an HP Wolf Security report, ‘Securing the Print Estate: A Proactive Lifecycle Approach to Cyber Resilience’, which highlights the challenges of securing printer hardware and firmware (platform security), and the implications of these failures across every stage of the printer’s lifecycle.
The survey is based on a global study of more than 800 IT and security decision-makers (ITSDMs).
Exploring four lifecycle stages, the report reveals that during the Ongoing Management stage, just 36% of ITSDMs apply firmware updates promptly. This is despite IT teams spending 3.5 hours per printer per month managing hardware and firmware security issues.
Failure to promptly apply firmware updates to printers unnecessarily exposes organizations to threats that could lead to damaging impacts, such as cybercriminals exfiltrating critical data or hijacking devices.
Further security gaps revealed across the other stages of the printer’s lifecycle include:
Supplier selection and onboarding stage:
- Lack of procurement collaboration: Only 38% of ITSDMs say procurement, IT, and security collaborate to define printer security standards – with 60% warning that this lack of collaboration puts their organisation at risk.
- RFPs going unchecked: 42% of ITSDMs fail to involve IT/security teams in vendor presentations; 54% fail to request technical documentation to validate security claims; and 55% fail to submit vendor responses to security teams for review.
- Inability to verify the printer’s integrity: Once the printer arrives, more than half (51%) of ITSDMs cannot confirm if the printer has been tampered with in the factory or in transit.
Remediation stage:
- Inability to detect and remediate threats: Many organisations are struggling to keep on top of patching devices. Only 35% of ITSDMs are able to identify vulnerable printers based on newly-published hardware or firmware vulnerabilities, not to mention zero-day threats that are unknown to the vendor or the public. Only 34% can track unauthorised hardware changes made by users or support teams, and only 32% of ITSDMs can detect security events linked to hardware-level attacks.
- Not just cyber – print risks are physical too: 70% of ITSDMs are increasingly worried about offline threats, such as employees printing and mishandling sensitive company information.
Decommissioning and Second Life stage:
- End of life risk: 86% of ITSDMs say data security is a barrier to printer reuse, resale or recycling – a big problem, given that on average ITSDMs report having approximately 80 printers that are redundant or are in the process of being decommissioned within their organisations.
- Lack of confidence: ITSDMs lack confidence in current sanitisation solutions, with 35% saying they are uncertain whether printers can be fully and safely wiped. Meanwhile, one in four believe it’s necessary to physically destroy printer storage drives, and one in 10 insist on destroying both the device and its storage drives to ensure data security.
“Printers are no longer just harmless office fixtures – they’re smart, connected devices storing sensitive data,” warns Steve Inch, global senior print security strategist at HP Inc. “With multi-year refresh cycles, unsecured printers create long-term vulnerabilities. If compromised, attackers can harvest confidential information for extortion or sale.
“The wrong choice can leave organisations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network.”
The report offers recommendations on how to address these security challenges across the printer’s lifecycle, including:
- Ensure IT, security and procurement teams collaborate effectively to define security and resilience requirements for new printers.
- Require and leverage manufacturer-provided security certificates for products and/or for supply chain processes.
- Apply firmware updates promptly to minimise exposure to security threats.
- Leverage security tools to streamline printer policy-based configuration compliance.
- Deploy printers that can continuously monitor for zero-day threats and malware with the ability to prevent, detect, isolate and recover from low-level attacks.
- Select printers with built-in secure erasure of hardware, firmware and stored device data to enable safe second life and recycling.
“By considering security at each stage of a printer’s lifecycle, organizations will not only improve the security and resilience of their endpoint infrastructure, but also benefit from better reliability, performance, and cost-efficiency over the lifetime of their fleets,” comments Boris Balacheff, chief technologist for security research and innovation at HP Inc.