Printers cannot be “add-ons” in cyber strategy

The world is in the midst of digitalization, and the Covid-19 pandemic is one of the things that has accelerated this global digital transformation, as people had to start working remotely.

Many organizations’ work strategies have changed from requiring presence in a core location or a specific office to supporting long-term remote work. Technologies that enable remote work, such as cloud services, are also being adopted more readily.

There are many reasons to adopt new technologies, such as improving cybersecurity, but ISACA’s Emerging Technology 2021 Report..

At the same time, more printing devices, including multi-function printing devices (MFPs), are now connected as a result. The concern is that print continues to be improperly addressed as it relates to cybersecurity. So what do you need to consider in your print cybersecurity strategy?

First, the print cybersecurity strategy should not be separate from your organization’s cybersecurity strategy. Remote work only extends your organization’s cybersecurity perimeter. This means educating the organization to remember that every procurement decision is a cybersecurity decision, and that cybersecurity is the role and responsibility of everyone. It does not rest only on the shoulders of the CISO and the CISO’s organization.

This means the organization’s strategy must ensure that printing devices (like any other intelligent programmable device connected to the network) are thoroughly scrutinized and approved before being procured.

Create a policy that outlines the need to procure devices (including printing devices for business purposes) centrally and that ensures there is a description of each device, including its business purpose, the users who have access to it, and details of what happens on it.

Know the type of data being sent to and processed on your device. To manage your environment properly, you need to know what is in it and what is happening in it. To do this, after reviewing and procuring the device, make sure that the device is included throughout the cybersecurity framework and that cybersecurity best practices and standards are applied to the print device.

Apply asset management procedures and make sure the device is in your organization’s configuration management database (CMDB) or a similar system of record. Make sure that ownership is recorded, along with details such as location and purpose. This will give you an idea of what is in your organization’s environment and help you manage it.

Make sure your device is configured to meet cybersecurity best practices and standards. Your print device may have more than 250 security settings, but they are of no use if the device is not properly configured.

Apply data security best practices and standards to your printing devices. This is routinely overlooked. For example, if an organization needs to comply with the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR), those requirements will often cover print.

In addition, employ a model that includes zero trust, cyber hygiene, segmentation, device identification, device certificates, and more, to emphasize zero trust and ensure that the device is on the network.

You need to authenticate both the device and the individual using it, because both the device identity and the user’s identity must be authenticated and authorized to connect to the network. This ties back to zero trust.

This includes applying logical access best practices and standards to printing devices. In many cases, the device is procured and installed, anyone can connect to it, and security events often have zero traceability. This creates a vector for an attacker to break into your organization.

In addition, individuals may be able to store data on a USB drive at the printing device, even though other devices in the organization may not allow data to be stored that way. The point is to get everyone to think about printing devices just like any other computing device.

Your organization’s cybersecurity governance, including key policies, should be applied end-to-end throughout the printing environment. This includes the tools for managing servers, databases, print fleets, and more. In addition, your organization’s patching and endpoint protection strategies, processes, and procedures apply to print.

Therefore, the printing device, like any other endpoint, must implement cybersecurity protection and be part of the patching process and procedure. Printing devices require cybersecurity logging capabilities, and these features must be enabled. Logs should be fed into the SIEM to monitor for anomalous behavior, vulnerabilities, and so on.

The printing environment and printing devices should also be included in your organization’s system lifecycle strategy. All technologies will eventually become legacy and need to be retired. Ideally, to mitigate cybersecurity risks, you need proof of destruction to ensure that the technology is no longer used anywhere in your organization. In light of recent events such as the SolarWinds security incident, all of these are important considerations in your print cybersecurity strategy.
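The asset, certificate, logging, patching and lifecycle points above can be run as a recurring audit of the print fleet. The following is an added example, not part of the original article: the record fields, device IDs and the 90-day patch window are assumptions, and the sample data is constructed.

```python
from datetime import date

REQUIRED_FIELDS = ("owner", "location", "purpose")  # hypothetical CMDB field names

# Constructed sample CMDB records (not real data).
CMDB = {
    "PRN-001": {"status": "active", "owner": "Finance IT", "location": "HQ-3F",
                "purpose": "invoice printing", "device_cert": True,
                "syslog_to_siem": True, "last_patched": date(2021, 4, 20)},
    "PRN-002": {"status": "active", "owner": "", "location": "Branch-2",
                "purpose": "general office", "device_cert": True,
                "syslog_to_siem": False, "last_patched": date(2020, 11, 2)},
    "PRN-003": {"status": "retired", "destruction_proof": None},
    "PRN-004": {"status": "retired", "destruction_proof": "CERT-PLACEHOLDER"},
}
# Constructed list of printer IDs seen on the network by a discovery scan.
DISCOVERED = ["PRN-001", "PRN-002", "PRN-003", "PRN-009"]


def audit_print_fleet(cmdb, discovered, today, max_patch_age_days=90):
    """Return {device_id: [findings]} for every device that misses a control."""
    findings = {}
    for dev_id in sorted(set(cmdb) | set(discovered)):
        rec = cmdb.get(dev_id)
        issues = []
        if rec is None:
            issues.append("on network but not recorded in CMDB")
        elif rec.get("status") == "retired":
            if dev_id in discovered:
                issues.append("retired device still on network")
            if not rec.get("destruction_proof"):
                issues.append("retired without proof of destruction")
        else:
            issues += [f"missing {f}" for f in REQUIRED_FIELDS if not rec.get(f)]
            if not rec.get("device_cert"):
                issues.append("no device certificate")
            if not rec.get("syslog_to_siem"):
                issues.append("logs not forwarded to SIEM")
            patched = rec.get("last_patched")
            if patched is None or (today - patched).days > max_patch_age_days:
                issues.append("outside patch window")
        if issues:
            findings[dev_id] = issues
    return findings


if __name__ == "__main__":
    for dev, issues in audit_print_fleet(CMDB, DISCOVERED, date(2021, 6, 1)).items():
        print(dev, "->", "; ".join(issues))
```
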

On May 12, 2021, the White House signed an Executive Order on improving cybersecurity in the United States. The Executive Order calls for Endpoint Detection and Response (EDR) as a key component of IT infrastructure, which drives some of the above points. It also emphasizes the importance of cybersecurity standards in device procurement, device use, and device management.

As a result, ask all suppliers of endpoint devices, including print devices, to confirm that they have technology that makes it easier to detect and identify devices on the network, that they can meet the above criteria, and that they generate actionable intelligence enabling a response to anomalous behavior, vulnerabilities, cybersecurity events, and more.

Even if your organization has the best cybersecurity strategy, one that includes print, you still need diverse and well-qualified people to carry out the strategy and do the cybersecurity job well.

According to ISACA, one of our challenges in cybersecurity continues to be staff shortages, budget shortages, and qualified staff shortages (2021 Cyber Security Status Report). Recruiters are having a hard time finding qualified cybersecurity personnel. What should you do in this case? Give employees time to be educated and trained, provide outreach to the community, and make the community aware of the great opportunities in cybersecurity.

Cybersecurity is a multi-faceted, multidisciplinary field that is constantly changing and evolving, so once you hire qualified cybersecurity staff, provide time for continuing education to keep pace with the threat situation.

The above points are not exhaustive as they relate to print cybersecurity strategy, but they are considerations to start with and will help guide your thinking.

ISACA members Michael Howard and Dr Kimberlee Ann Brannock are, respectively, HP’s Chief Security Advisor and Head of WW Security and Analytics Operations, and HP’s Senior Security Advisor.
