SUBSCRIBE NOW
IN THIS ISSUE
PIPELINE RESOURCES
HP Releases Cyber Resilience Report

Only 36% of IT Teams Apply Printer Firmware Updates Promptly, Leaving Devices Vulnerable

IT teams are spending 3.5 hours per printer each month on security, yet critical gaps in platform security remain that put the enterprise at risk

HP Wolf Security announced the release of a new report – Securing the Print Estate: A Proactive Lifecycle Approach to Cyber Resilience - highlighting the challenges of securing printer hardware and firmware (platform security), and the implications of these failures across every stage of the printer’s lifecycle. Based on a global study of 800+ IT and security decision-makers, the findings show that platform security is being overlooked, leaving concerning security gaps.
 
Exploring four lifecycle stages, the report reveals that during the Ongoing Management stage, just 36% of ITSDMs apply firmware updates promptly. This is despite IT teams spending 3.5 hours per printer per month managing hardware and firmware security issues. Failure to promptly apply firmware updates to printers unnecessarily exposes organizations to threats that could lead to damaging impacts, such as cybercriminals exfiltrating critical data or hijacking devices.
 
Further security gaps revealed across the other stages of the printer’s lifecycle include:
 
Supplier Selection & Onboarding stage:
  • Lack of procurement collaboration: Only 38% of ITSDMs say procurement, IT, and security collaborate to define printer security standards – with 60% warning that this lack of collaboration puts their organization at risk.
  • RFPs going unchecked: 42% of ITSDMs fail to involve IT/security teams in vendor presentations; 54% fail to request technical documentation to validate security claims; and 55% fail to submit vendor responses to security teams for review.
  • Inability to verify the printer’s integrity: Once the printer arrives more than half (51%) of ITSDMs cannot confirm if the printer has been tampered with in the factory or in transit.
Remediation stage:
  • Inability to detect and remediate threats:  Many organizations are struggling to keep on top of patching devices. Only 35% of ITSDMs are able to identify vulnerable printers based on newly published hardware or firmware vulnerabilities, not to mention zero-day threats that are unknown to the vendor or the public.  Only 34% can track unauthorized hardware changes made by users or support teams, and only 32% of ITSDMs can detect security events linked to hardware-level attacks.
  • Not just cyber – print risks are physical too: 70% of ITSDMs are increasingly worried about offline threats, such as employees printing and mishandling sensitive company information.
Decommissioning and Second Life stage:
  • End of life risk: 86% of ITSDMs say data security is a barrier to printer reuse, resale or recycling – a big problem, given that on average ITSDMs report having approximately 80 printers that are redundant or are in the process of being decommissioned within their organizations.
  • Lack of confidence: ITSDMs lack confidence in current sanitization solutions, with 35% saying they are uncertain whether printers can be fully and safely wiped. Meanwhile, 1-in-4 believe it’s necessary to physically destroy printer storage drives, and 1-in-10 insist on destroying both the device and its storage drives to ensure data security.
 “Printers are no longer just harmless office fixtures – they’re smart, connected devices storing sensitive data,” warns Steve Inch, Global Senior Print Security Strategist at HP Inc. “With multi-year refresh cycles, unsecured printers create long-term vulnerabilities. If compromised, attackers can harvest confidential information for extortion or sale. The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network.”

“Printers are no longer just harmless office fixtures – they’re smart, connected devices storing sensitive data,” warns Steve Inch, Global Senior Print Security Strategist at HP Inc. “With multi-year refresh cycles, unsecured printers create long-term vulnerabilities. If compromised, attackers can harvest confidential information for extortion or sale. The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network.”
 
The report offers recommendations on how to address these security challenges across the printer’s lifecycle, including:
  • Ensure IT, security and procurement teams collaborate effectively to define security and resilience requirements for new printers.
  • Require and leverage manufacturer provider security certificates for products and / or for supply chain processes.
  • Apply firmware updates promptly to minimize exposure to security threats.
  • Leverage security tools to streamline printer policy-based configuration compliance.
  • Deploy printers that can continuously monitor for zero-day threats and malware with the ability to prevent, detect, isolate and recover from low-level attacks.
  • Select printers with built-in secure erasure of hardware, firmware and stored device data to enable safe second life and recycling. 
 “By considering security at each stage of a printer’s lifecycle, organizations will not only improve the security and resilience of their endpoint infrastructure, but also benefit from better reliability, performance, and cost-efficiency over the lifetime of their fleets,” comments Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc.

Source: HP Wolf Security media announcement
FEATURED SPONSOR:

Latest Updates





Subscribe to our YouTube Channel