How can businesses assess and mitigate the security threat of networked devices such as printers that have operating systems which can continually re-infect networks with malware?
As with all threats, the risks have to be appropriately evaluated, writes Andrea Simmons, member of the BCS Security Forum Strategic Panel. There are a significant number of "end points" connected across and to our networks that have to be managed and, as ever, there are technologies that can be rolled out that will assist in this task, but the fundamentals still remain: What have you got? Where is it? Who should be taking responsibility for it?
Network scanning technology needs to be capable of addressing the end points to ensure that anti-virus or software updates are run on printers and other connected devices to keep them virus-free and "healthy". This is especially true the more our networks run on IP technology and are structured by IP addresses. These need to be carefully managed in terms of inventory listings to gain knowledge of the active end points and the likely traffic flowing through them.
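The inventory questions above (what have you got, where is it, who is responsible for it) can be checked mechanically by reconciling the inventory listing against the end points a scan reports as active. The following is an added example, not part of the original article; the record fields, the IP addresses and the 90-day update threshold are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data (not from the article): an inventory listing and
# the IP addresses a network scan reported as active end points.
INVENTORY = [
    {"ip": "10.0.5.20", "type": "printer", "location": "Floor 2",
     "owner": "Facilities", "last_update": date(2024, 5, 1)},
    {"ip": "10.0.5.21", "type": "printer", "location": "",
     "owner": "", "last_update": date(2023, 1, 10)},
    {"ip": "10.0.5.30", "type": "scanner", "location": "Post room",
     "owner": "Finance", "last_update": date(2024, 4, 15)},
]
SCAN_ACTIVE = ["10.0.5.20", "10.0.5.21", "10.0.5.99"]


def reconcile(inventory, active_ips, today, max_age_days=90):
    """Return {ip: [issues]} for every end point that needs attention."""
    by_ip = {rec["ip"]: rec for rec in inventory}
    findings = {}
    for ip in active_ips:
        rec = by_ip.get(ip)
        if rec is None:
            # "What have you got?" - a live device nobody has recorded.
            findings[ip] = ["not in inventory"]
            continue
        issues = []
        if not rec["location"]:
            issues.append("no location")      # "Where is it?"
        if not rec["owner"]:
            issues.append("no owner")         # "Who is responsible for it?"
        if (today - rec["last_update"]).days > max_age_days:
            issues.append("updates overdue")  # housekeeping has lapsed
        if issues:
            findings[ip] = issues
    seen = set(active_ips)
    for ip in by_ip:
        if ip not in seen:
            # Recorded device that did not answer the scan: moved, retired,
            # or possibly offsite for maintenance.
            findings[ip] = ["in inventory but not seen on network"]
    return findings


if __name__ == "__main__":
    for ip, issues in sorted(reconcile(INVENTORY, SCAN_ACTIVE, date(2024, 6, 1)).items()):
        print(ip, "->", ", ".join(issues))
```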
The more technologically able printers are, the more likely it is that they come with the capability to retain data in memory. This can become a risk if the printer needs to be taken offsite for maintenance, as the nature of the information stored would need to be assessed to ascertain whether or not it should be allowed to be taken offsite. Such issues need to be addressed in contract management, so procurement colleagues need to be involved.
Printer ownership is always a challenging battleground, but the security professional has to be able to share with colleagues across all areas of the business where the known risks are and provide the appropriate advice. It is then up to the individual business areas to undertake their own risk assessment on the basis of their known risk appetite and decide what they are prepared to live with, i.e. the realisation of the risk of infection of a known end point that is under proper daily housekeeping and control.