The Petya cyber attack was a timely reminder about threat detection and prevention in 2017. The attack itself was simple in design yet elegant in nature. It was easy to remove but even easier to spread. Worst of all, the attack was crippling: It took out thousands of computers worldwide, and many weeks after the attack, companies were still rebuilding servers to get their services back online.
The attack started when someone on the inside of a firewall downloaded some malware hidden in an attached file. One unsuspecting victim double-clicked on the file and all hell broke loose. However, the payload wasn’t immediate. The malevolent software sprang to life and replicated itself quietly throughout the network in the dead of night. Any laptop or workstation left running overnight was infected—along with all files and devices connected to the network servers, which, by design, are left running all day.
The following morning, thousands of people worldwide were unable to log into their computers. The hacker replaced the OS loading screen with a message that looked deceptively real: “Your operating system needs to defrag your hard drive.” Unsuspecting victims, desperate to log into their laptops and start their busy day, clicked “yes” to proceed, and rather than defragging, the malware started to encrypt and lock their HDDs. The only solution? A full operating system rebuild.
This type of situation will likely occur more frequently as society becomes more integrated. The IoT is proliferating, and while you and your employees may love your always-on wearables, connected mobile devices, and Wi-Fi-enabled everything, the level of threat detection required rises when these devices are connected behind your firewalls.
4 ways to quickly respond to vulnerabilities and threats
How often do you think about the vulnerability of your printers? If you saw somebody you didn’t know sitting at the CEO’s desk, you would know something was wrong; however, if you saw somebody you didn’t know at a printer, would you raise the alarm?
Some of the most valuable information in a company—company contracts, employee contracts, personal expenses—often passes through a printer. Modern printers and copiers can also scan and save documents to the directories of every employee in your office. These devices are incredibly connected—yet often overlooked, which can leave the print environment as one of the most vulnerable aspects of your office’s IT environment.
In light of these types of endpoint vulnerabilities, here are some ways you and your IT team can respond quickly to threats:
- Prevent BIOS hacking: These days, you can check the BIOS version of a piece of hardware remotely. This type of technology didn’t exist when servers were originally created, mainly because it was technically difficult for a BIOS to respond to network traffic. However, a BIOS can now respond securely to a remote administrative server. You should definitely configure one of your (hopefully) many overview dashboards so it displays a network graph of all the hardware connected to your network. Configure the dashboard with a simple traffic light system, showing green for hardware with the correct BIOS version, orange for hardware that needs updating, and red for systems that aren’t responding. If anything is red, then shut it down—you could be in the process of being hacked. If you’re looking for an easy way to identify the BIOS version of your hardware, check out Vamsi Krishna’s method.
- Be proactive—not reactive: Too many times, businesses waste money and time on the “break-fix” mentality of threat detection. In other words, once a breach happens, IT needs to scramble to fix the issue. Instead of investing in technology that is supposedly “more secure,” you can turn to devices that offer built-in threat detection, like secure printers that can detect attacks before they happen and automatically self-heal by returning to a previous version of the BIOS. This proactive approach is safer—and easier—than attempting to repair an infected machine after the fact.
- Use video surveillance: Have you ever wondered why more crime occurs in apartment blocks than in houses? The answer often is that more people live in apartment blocks, and not everyone knows one another. The same goes for printers and other endpoint devices. Many users come and go throughout an office, and they all need to print or scan documents. Consider the idea of putting a video surveillance camera near the printer and automatically connecting the video footage with the login and logoff data. While this may sound a little paranoid, it certainly wouldn’t hurt to have extra security footage.
- Disable the USB slots: While the ability to download photos to a USB and then connect it to a printer to print the photos directly is a great feature, it can open up a whole new entry point for hackers. However, most modern printers can connect to the entire corporate network, so you can achieve the same goal by downloading files from the cloud, an encrypted USB, or straight off your desktop, then sending the print job wirelessly to the printer. On most printers, the BIOS can disable USB devices in a few quick steps, so it might be worth doing to better protect your print environment.
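The traffic-light check described in the BIOS item above can be sketched as follows. This is an added example, not code from the original article; the model names, version numbers, the 15-minute "not responding" window, and the dotted-numeric version format are all assumptions. It goes slightly beyond the article's three rules by also marking red any device whose reported version is unreadable or newer than the approved baseline.

```python
from datetime import datetime, timedelta, timezone

# Constructed baseline of approved BIOS versions per model (hypothetical values).
APPROVED = {"printer-x100": "2.4.1", "laptop-z14": "1.19.0"}
# Assumption: a device that has not checked in within this window is "not responding".
STALE_AFTER = timedelta(minutes=15)

def parse_version(text):
    """'2.10.0' -> (2, 10, 0), so 2.10.0 sorts after 2.9.0 (a string compare would not)."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(device, now):
    """Return (colour, reason) for one inventory record."""
    last_seen = device.get("last_seen")
    if last_seen is None or now - last_seen > STALE_AFTER:
        return "red", "not responding"
    try:
        reported = parse_version(device.get("bios"))
    except (ValueError, AttributeError):
        return "red", "unreadable BIOS version"
    approved = APPROVED.get(device.get("model"))
    if approved is None:
        return "red", "no approved baseline for model"
    target = parse_version(approved)
    if reported == target:
        return "green", "approved version"
    if reported < target:
        return "orange", "update needed"
    # Added assumption: a version newer than anything approved is unexplained, so flag it.
    return "red", "version not in baseline"

def dashboard(inventory, now):
    """Map hostname -> (colour, reason) for every device."""
    return {d["host"]: classify(d, now) for d in inventory}

# Constructed sample inventory, as a remote management server might report it.
NOW = datetime(2017, 8, 1, 9, 0, tzinfo=timezone.utc)
INVENTORY = [
    {"host": "prn-01", "model": "printer-x100", "bios": "2.4.1", "last_seen": NOW - timedelta(minutes=2)},
    {"host": "prn-02", "model": "printer-x100", "bios": "2.3.9", "last_seen": NOW - timedelta(minutes=5)},
    {"host": "lap-07", "model": "laptop-z14", "bios": "1.19.0", "last_seen": NOW - timedelta(hours=9)},
    {"host": "lap-09", "model": "laptop-z14", "bios": "1.20.0", "last_seen": NOW - timedelta(minutes=1)},
]

if __name__ == "__main__":
    for host, (colour, reason) in dashboard(INVENTORY, NOW).items():
        print(f"{host:8} {colour:7} {reason}")
```

Real BIOS version strings are often vendor-specific rather than dotted-numeric, so `parse_version` would need adapting per vendor before this feeds a live dashboard.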
A printer can be the lifeblood of your office—just remember, printers need protection, too. If you follow these easy threat detection tips, you can tighten up your endpoint device security, defend your print environment from hackers, and keep the business safer across the board. In today’s world, rife with cybercrime, this peace of mind is more important than ever.