A recent International Data Corporation (IDC) survey, sponsored by HP Inc., found that many organisations do not manage endpoint security strategically or consistently.
It states that security is often a secondary consideration for organisations after cost and performance when acquiring new devices such as PC’s and printers.
The survey found that PCs are more likely to be included in the business’s cybersecurity strategy. Even so, less than a third of respondents said that endpoint device security forms a significant component of their business’s overall cybersecurity strategy.
Printers and tablets are viewed as much lower risk than desktop and laptop PCs, but the fact is that these devices can be targeted just as easily in the current landscape. For laptops and desktop PCs, 92.5% of procurement documents specify security requirements compared to just 48% for printers.
The fact is that a printer is essentially another computer on your network and should be treated as such. And attackers only need to compromise one account to gain access to your organisational data.
One particularly concerning statistic from this survey was the amount of time it would take the respondents organisations to recover functional PC devices (operating systems / not user data) in the case of a NotPetya style attack.
The terrifying thing about NotPetya was that it was not designed to demand ransom funds from its victims – its sole purpose was to infect and destroy. The speed at which it spread meant that it spiralled out of control very quickly, even spreading back to Russia, where it originated, striking the state oil company Rosneft after infecting countless machines around the world.
“To date, it was simply the fastest-propagating piece of malware we’ve ever seen,” says Craig Williams, director of outreach at Cisco’s Talos division, one of the first security companies to reverse engineer and analyze NotPetya. “By the second you saw it, your data center was already gone.”
Alarmingly, 29% of respondents in the IDC survey, said it would take them between 2 and 12 weeks to recover 100% of their estate. 40% said it would take them the same amount of time to recover just 50%.
That’s 69% of respondents with entire sections of their network out of action for up to 3 months! More than a quarter of respondents said it would take them over 1 year to recover 100% of their IT estate.
In another survey; ‘The Cyber Security Climate in Ireland’, conducted by Amárach Research for Microsoft in January 2019, 44% of users say that they have experienced problems with phishing, hacking, cyberfraud or other cyberattacks.
The same report says that 43% of public and private sector employees in Ireland use the same password across different technologies. Furthermore, 46% of public and private sector employees in Ireland had no training in previous 12 months on combatting cyberattacks.
It may sound like scaremongering (it’s not) but organisations operating in today’s super connected, high speed, digital environments need to make sure their IT decisions are made with security as the top concern and with a view to protecting the business from both malicious (and accidental) damage.
Even a very top-level risk assessment based on how your organisation might handle an attack like NotPetya may reveal some surprising insights into knowledge gaps within the business and potential weak points in your network, operating systems or processes.
Create your ‘IT Fire Drill’ with a realistic perspective and learn from others’ mistakes. Develop a point by point plan to minimise the potential for damage to your business. An unsecured and unmonitored printer fleet is about as obvious an entry point for a hacker as an open window is for a burglar.
If you would like to find out how Stacked can help you better protect your business by securing your printing devices, call 1890 409 988 now.
To read the full IDC HP Inc. Endpoint Security Survey visit