Page 67 - Cyber Defense eMagazine September 2025
P. 67
Why printer security matters
Whereas PCs typically benefit from greater security visibility and more mature endpoint protection
measures, printers are often overlooked and may lack adequate defenses altogether. This oversight
leaves a critical gap in the organization’s security posture. The truth is that today’s corporate printers are
far from “harmless boxes” — they’re sophisticated, networked devices with onboard storage and internet
connectivity, making them an attractive and viable target for threat actors.
By exploiting firmware vulnerabilities, manipulating hardware components, and taking advantage of poor
configuration (such as open ports and default credentials), malicious actors could target internal storage
for sensitive documents. Or they could compromise a printer to gain entry to the corporate network for
more serious data exfiltration and digital extortion. They could even hijack machines to conscript them
into a botnet, such as Mirai, to launch attacks on other targets, including public websites, third-party
networks, or other unsuspecting organizations.
Securing the lifecycle
There’s risk at every stage of the printer lifecycle. Research from HP Wolf Security reveals that during
the procurement process, IT and security decision makers (ITSDMs) are often excluded from assessing
vendor security claims. And fewer than 40% of global firms bring IT, security, and procurement together
to define security standards when purchasing printers. This means that many fail to request key technical
documentation to validate security claims, or to require printer manufacturers to respond to security-
related questions.
Security challenges continue when the printer lands on IT’s desk. Around half of ITSDMs can’t confirm if
a printer has been tampered with, whether in the factory or in transit. And then there’s ongoing
management of printer security. Just 36% of global organizations apply firmware updates promptly
despite claiming to spend an average of 3.5 hours per printer per month on hardware or firmware security
management.
Worryingly, many respondents say they have difficulty identifying vulnerable printers, tracking
unauthorized hardware changes, and ensuring firmware/BIOS compliance with IT security policies. They
also struggle with detecting security events linked to hardware- and firmware-level attacks. Beyond cyber
threats, 70% of ITSDMs are also increasingly concerned about offline threats, such as people printing
and taking away sensitive company information.
The challenges continue right to the end of the lifecycle. Many ITSDMs lack confidence in current
sanitization solutions, with 35% uncertain whether printers can be fully and safely wiped. This uncertainty
creates significant roadblocks to sustainable disposal, with 86% citing data security as an obstacle to
reuse, resale or recycling – and 39% describing it as a “major” or “severe” concern. A quarter of global
organizations believe they must physically destroy printer storage drives to mitigate data risks, while 1-
in-10 go even further, insisting on destroying both the device and its storage. As a result, otherwise usable
devices are taken out of circulation, depriving organizations of potential extra revenue and undermining
their sustainability efforts.
Cyber Defense eMagazine – September 2025 Edition 67
Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.
