Businesses have a false sense of security behind firewalls. A key and current concern of mine is that businesses are struggling to secure every endpoint due to a lack of awareness and knowledge about certain devices and the risks they carry. They feel safe behind a firewall, despite this being no longer enough to protect against an attack.
Security teams must be aware of every endpoint within their infrastructure and ensure that each endpoint has multiple layers of security protection to guard against increasingly sophisticated attacks.
Businesses are failing to implement sufficient levels of defense
Especially in the case of printers, I see a lot of businesses ignoring their security and crossing their fingers that there isn't a breach. Sometimes, they'll implement security just to pass government regulations after which they'll disable it because they're receiving too much data and they don't have the teams to manage it all. A lot of security solutions we see today end up being shelfware and not deployed to the level they need to for the solution to be an effective defense measure.
One of the questions we ask our customers is have you had a security breach through printing? Largely, the answer we get is, "We don't know." The reality is that businesses aren't monitoring printers. At any one time, a security team may be monitoring 75 percent of their network, leaving 25 percent wide open. That should scare CISOs. They need to have visibility on every device in their network.
Security resource shortage exposes businesses to risk
With the rising number of security incidents occurring in organizations on almost a daily basis, and more endpoints entering the infrastructure, businesses are struggling to hire the resources to monitor and respond to breaches. There's also a lack of education on how to secure new devices. Printers are a prime example of an essential device that few have expert knowledge of how to implement security, so securing printers gets put on a back burner.
All too often, I see security teams taking care of what they're comfortable with, rather than pushing themselves to apply even minimum protections to lower priority endpoints. I always recommend to my clients that their security teams be educated on every device, understand built-in security features, and add endpoint security controls into the organization's security policy.
Brand reputation is a major concern
Everybody knows how hard it is to build your brand. But all you need is one security breach to destroy a brand reputation. Not only do businesses pay the price of costly financial penalties (possibly in the hundreds of millions of dollars), but customers will either never shop there again or use a credit card with the business again. Given that we're a credit-card driven society, this could result in a severe loss of sales.
On top of that, with every new solution, service, or product we launch at HP, security is the first thing we look at. HP development teams know that they have to answer all the security questions including how the devices or software will work on the network in a secure way. More so than ever before, security should be a first thought, not a bolt-on. It's been HP's policy for years—ever since we developed the very first internet-connected printer.
The future is cyber resilience
Cyber resilience is about being prepared for and adapting to changing conditions, including withstanding and recovering rapidly from disruptions. Cyber resilience is key to HP's design policy for our products and solutions. For example, HP's enterprise-class printers and MFPs have built-in self-healing technology that can protect, detect, and stop an attack at the device.
The device will then reboot to a known good state by checking and reloading the software down to the BIOS level and get back up and running without IT intervention. In addition, the system sends a report with all the important log information, so security teams can learn from the attack and plan for the future. For us, it's important to help businesses get back up and running as soon as possible, in the event of a network breach.
Staying secure is more important than ever—so make sure you're following these guidelines to lock down your IT environment from every entry point.