Your information security strategy includes attention to endpoints and patching, but are you aware of the risks associated with your firmware? Your organization's hardware with programmable read-only software could be an overlooked component of your endpoint security strategy.
The recent surge in DDoS attacks has revealed that various connected devices, including office routers, printers, and security systems, could be a huge target for attackers. In some organizations, these devices are not even considered as an aspect of written endpoint security assessments and risk planning.
Using old office equipment can be a security risk, but implementing the wrong technology or poor implementation technique is just as dangerous. In this blog, you'll discover sources of security risk in new office technology and how to mitigate them.
Mobile security and endpoint security are important, related topics. For more on this topic, we recommend 5 Ways to Reduce Information Security Risk in a Mobile Workplace.
Is Your Office Hardware a Glaring Security Risk?
You may be worried about the impact of your employees' mobile devices on your company's network, but is your firmware a missing part of your endpoint security strategy? In 2016, Insight research found that 64% of IT managers currently believe their printers are infected with malware. In addition to these malware fears, the same study found that 73% of IT leaders are anticipating a major security breach within the next year.
You may not think that your printers or routers are as appealing to would-be hackers, but they could actually represent an incredibly easy path of entry to your company's network. If your endpoint security plan is unbalanced—including too much focus on mobile updates and policy—even a shiny and new piece of office technology could be putting you at risk.
Here are three common firmware security mistakes to avoid.
1. Default Passwords
More than one in ten (13%) security incidents are caused by "weak or default" passwords, according to the 2016 Verizon Data Breach Investigations Report. Many of the connected devices that participated in the botnet army behind the recent Mirai Dyn attack were cracked because they'd never had an initial password set and were still "protected" by credentials like "default," "password," or "admin."
In addition, failing to update defaults is one area of office technology security specifically addressed by PCI DSS guidelines. Requirement 2.1 states that security teams must update defaults to improve security.
Any time you set up new office hardware, from a VoIP phone to a printer, ensure that you set effective security credentials. This is critically important for any device on your network that could become infected with malware, and even more important for office technology that may store sensitive data (such as a printer). Promising yourself that you'll reset the password later, or relying on end-users to set credentials, is a recipe for non-compliance and security risk.
2. No Inherent Whitelisting
Depending on the sophistication of your office hardware, you may need patching and software updates long before the hardware is replaced. Before you plan on just downloading vendor updates on an as-needed basis, stop. Depending on the structure of the product and its firmware, the design itself could leave both the device and your network vulnerable.
Hopefully, your printer or another device that requires updates will have some form of "whitelisting," which controls the sources of software modifications. If this feature isn't available, your firmware could download anything pushed in its direction, including malware from criminal sources.
Fortunately, if your office equipment requires frequent updates, you should be able to monitor changes through other tools such as file integrity monitoring software. When shopping for new office tech or evaluating solutions to protect your IT environment, it is important to understand whether your technology includes a whitelisting function. Whether or not this feature exists, you definitely want to understand how your firmware is being modified at all times to avoid a malware infection.
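The two controls described in this section, as an added example that is not part of the original post and is not CimTrak code: a SHA-256 baseline of a firmware staging directory is compared against its current state (file integrity monitoring), and every image is checked against a set of approved digests (whitelisting). The file names, image contents, and the idea of a staging directory are constructed assumptions for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large firmware images are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(staging_dir: Path) -> dict:
    """Map each file's path (relative to the staging directory) to its SHA-256 digest."""
    return {
        str(p.relative_to(staging_dir)): sha256_file(p)
        for p in sorted(staging_dir.rglob("*")) if p.is_file()
    }

def diff_snapshots(baseline: dict, current: dict) -> dict:
    """File integrity check: report what was added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in baseline.keys() & current.keys()
                           if baseline[n] != current[n]),
    }

def not_allowlisted(current: dict, approved_digests: set) -> list:
    """Whitelist check: images whose digest is not in the approved set."""
    return sorted(n for n, d in current.items() if d not in approved_digests)

def demo() -> tuple:
    """Constructed data: two sample images, then one is altered and one unknown file appears."""
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp)
        (staging / "printer_v1.bin").write_bytes(b"constructed printer image v1")
        (staging / "router_v7.bin").write_bytes(b"constructed router image v7")
        baseline = snapshot(staging)
        approved = set(baseline.values())  # assumption: digests were approved out of band
        (staging / "printer_v1.bin").write_bytes(b"constructed printer image v1 + extra")
        (staging / "unknown.bin").write_bytes(b"constructed image from an unknown source")
        current = snapshot(staging)
        return diff_snapshots(baseline, current), not_allowlisted(current, approved)

if __name__ == "__main__":
    print(demo())
```

In practice the approved digests would come from the vendor's published checksums or an internal change-approval record, and the baseline would be stored somewhere the monitored system cannot overwrite.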
3. Lack of Detection and Monitoring
The most dangerous thing your organization can do with new office technology is to neglect active monitoring of your network and endpoints for malware, which is how issues are detected before they spread and result in data loss.
PCI requirements include weekly scans and scans whenever software updates are executed, but many organizations fail to meet or exceed these requirements. With real-time, network-wide oversight, you can discover whether your printers, routers, mobile devices, and other office technology are being used in a DDoS attack or have been infected with malware and act immediately.
CimTrak Offers Advanced Protection for Office Equipment Endpoints
CimTrak is the first real-time file integrity monitoring software to offer the potential for complete remediation of negative changes directly from the management console. When it comes to the security of "other endpoints" like office equipment and point-of-sale systems, it's among the most comprehensive solutions.
Don't let your printer become a target for a serious cybercriminal who knows common vulnerabilities. Never assume that default passwords on a VoIP phone are good enough, or that every update to your firmware is coming from an innocent source. While the "other endpoints" may not seem like major risks, the recent Mirai Dyn attacks prove that they actually are.
With the help of CimTrak, you can monitor, detect, and act whenever issues arise, no matter where on your network they originate. Download our Definitive Guide to file integrity monitoring to learn more today.
January 17, 2017