In 2016 alone, four billion data records were compromised worldwide. The jury’s still out on 2017, but one thing is clear: It’s only a matter of time before your company is targeted—if it hasn’t been already.
Today’s predatory cybercriminals know that weak targets, such as unsecured printers and other endpoints, are near-guaranteed payloads. In fact, there are probably some seriously evil genius hackers writing tomorrow’s scariest wiper virus in a top-secret crime lab right now.
Let’s face it: Even the laziest hackers can easily access your network through your endpoints, because they don’t have to look very far for a vulnerability.
5 real-world examples of easy hacker bait
If you don’t believe us, think again. Unsecured endpoints are a $6 million annual industry. As scary as that figure is, it’s about to get a lot worse. Here’s a look at five vulnerable endpoints in every office that you should watch a little more closely:
Over half of all organisations don’t include their unsecured printers in their security strategy. Even if you’re not printing off your customers’ bank account numbers and leaving the hard copy in the tray for hours, your printer is an intelligent networked device that can act as a wide-open door to your company’s network.
Remember Mirai Dyn, the distributed denial of service (DDoS) attack that took down the internet for hours just over a year ago? October 21, 2016 (or the day without Netflix, Amazon, and Reddit) was made possible by DNS lookup requests from tens of millions of IP addresses and many, many unsecured business routers and printers.
3. Voice over IP (VoIP) phones
Your IP-phones are safe because your network has a firewall—or so you think. VoIP phones have many computing capabilities, and many are completely wide open to attack thanks to default passwords, such as “admin.” Hackers don’t find it too hard to use these devices to rack up international calling charges or eavesdrop on your confidential conference calls.
4. Mobile devices
Smartphones have long been hailed as the weakest link in corporate network security, with one study finding that Android devices comprise a staggering 81 percent of malware-infected devices worldwide. It’s not super hard to get malware on a phone—with one in 14 data breaches last year starting out as a good old phishing attack when someone simply clicked a bad link.
Do you think your twice-daily run to refill your coffee in the break room without locking your computer is pretty low risk? It takes as little as 30 seconds and $5 worth of equipment for a criminal to backdoor your PC. While physical breaches are relatively rare, accounting for just 8 percent of the incidents reported in one 2017 study, it’s definitely not a risk you want to absorb.
Your printer got hacked—now what?
Consider this scenario: A hacker gains entry to your reception-area printer via a mobile hack or thumb drive that creates a backdoor into your company’s network. Statistically speaking, your organisation won’t detect the fact that you’ve been breached for an average of 200 days.
In a world that’s increasingly driven by the Internet of Things (IoT), there’s a lot riding on network integrity. The WannaCry ransomware attack in May 2017 marked the first instance where US hospitals reported that an intelligent, connected medical device stopped working. Then, the Petya wiper virus took down the Ukranian Central Bank and Public Utilities.
When hackers have the ability to take internet-connected pacemakers and insulin monitors offline during a network attack, the potential collateral damage of forgetting to change the default password on your VoIP phone is a pretty big deal indeed. Nothing is safe, so it’s up to IT to start identifying and securing every endpoint—including printers—in their environment.
Is literally nothing secure?
The conversation about endpoint security has shifted significantly in recent years. What you’re not securing, patching, or monitoring can definitely bite you.
Security journalist Kelly Sheridan summarises the battle ahead best by stating, “As businesses incorporate [connected devices] . . . they will need to be increasingly aware of their larger attack surface, prioritise services and assets that need to be protected, and know where they are located.” With that in mind, here are three things you can do today to keep your endpoints secure:
- Know: This is where endpoint detection and response tools, endpoint audits, and security penetration testing come in. By looking at your network like a hacker, you can identify scary factors, such as a long-unpatched utility server or your CEO’s shadow IT mobile device.
- Prioritise: Impact and probability equations around security risk are not only a useful way to spread limited security resources to the greatest extent possible but also can be a really effective way to ask your boss for more money when you realise the problem is your endpoints.
- Protect: Adopt endpoints that act more like allies than hacker bait. Humans are going to be your riskiest endpoints, but you can boost your protection by adopting secure business printers that have your back with continuous monitoring, self-healing BIOS, and other engineered security features.
Most of all, keep a little hope. The vast majority of hackers in the world are ultimately lazy and just looking for a quick payday. While perfect security is unlikely, comprehensive endpoint security is an effective way to dissuade most attackers.