3 ways you can avoid “Wolf” attacks with smart printer security

February 21, 20174 Minute Read

Only 2 percent of the world’s business printers are secure. For the information-hungry predators quietly stalking their prey, the shocking state of printer security adoption creates an easy opportunity for them to pounce. To expose businesses to the reality of these risks, HP Studios released The Wolf, a dramatic short film series about one cybercriminal’s lucky day. Check out the first part here.

The Wolf is named for the star, “a morally ambivalent and charmingly sinister hacker,” said Vikrant Batra, global head of marketing for imaging and printing at HP Inc. While it’s easy to get lost in the drama of his attack, the underlying message is important for all businesses. Batra says HP Inc.’s goal is “to expose how print security is often viewed as an afterthought, leaving businesses vulnerable to cyber attacks.”

An average day in the life of a predator

The Wolf is grateful for the state of printer security—even though you definitely won’t be after watching the series. For the narrator, it’s basically child’s play to create mass havoc at a fictitious firm, dubbed Pierce Arthur Financial. In fact, The Wolf gains his first advantage within seconds by systemically breaking into the mail room printer with his mobile device. A little patience and one email later, he’s in position to destroy Pierce Arthur’s boardroom.

Spoilers are the absolute worst, so we won’t tell you how it turns out. But what we will say is that The Wolf remains undetected without breaking a sweat. Smart predators always strike their prey in the most vulnerable spot. For Pierce Arthur and the vast majority of other organizations worldwide, one of the weakest network security links is the printer.

Security tips The Wolf doesn’t want you to know

While The Wolf in the film isn’t a literal threat to your organization, there are packs of real-life wolves running wild. Unfortunately for them, you can apply the film predator’s sinister knowledge of common security issues to your office, ensuring you don’t become tomorrow’s juicy prey. Through the eyes of The Wolf, you can discover what criminals don’t want you to know about security mistakes.

1. Sorry, but your security effort may be a waste

When a wolf knows where to pounce, your security spend doesn’t even matter. Not one printer in Pierce Arthur Financial has built-in malware protection. Does The Wolf have insider knowledge? Most likely not. But assuming a target’s printers are unprotected is a pretty safe bet.

In Pierce Arthur’s case, the printer is just a means to an end, since as The Wolf says, “the really good stuff is upstairs.” The Wolf might not have the technical sophistication to brute-force user credentials or crack his target’s perimeter security, but he doesn’t really need it. His target’s mail room printer is wide open, with no one watching.

2. Printers process a ton of sensitive info

What can a wolf do with printer access, anyway? As it turns out, everything they need. Your security’s weak link also processes and stores a ton of sensitive documents. By intercepting and reviewing all print jobs from his mobile device, The Wolf scores just enough personal information on a Pierce Arthur employee. The information needed to take a crime spree from the printer to a network isn’t always payroll data or customer’s personally identifiable information (PII). In this case and many others, an innocuous business communication will suffice.

3. Predictable sheep flock together

From The Wolf’s point of view, causing a really “bad day” for his prey is as predictable as a row of dominoes. From his perspective, sheep behave predictably, and all it takes is one believable email to gain access to his target’s network. Sending a phishing email isn’t exactly hard work, but it can offer a big payoff. Humans are predictably unpredictable; they’re often highly susceptible to phishing, whaling, and impersonation attacks—especially if an email seems legit, due to a bit of clever social engineering.

Watch The Wolf pounce—on your company

Where did Pierce Arthur’s information security team go wrong? More behavioural training may have protected the employee from clicking the phishing attack. The Wolf succeeded because he gained access to the mail room printer. This unfolding crime spree is a series of failures, but it all links back to that one major oversight.

With knowledge of most businesses’ weak spot and a few minutes of monitoring print jobs, The Wolf guaranteed all the access he needed to his target’s network. A layered approach to information security is always the best practice, and lucky for you, printer security isn’t nearly as tough as the data may lead you to believe.

With the help of the leader in secure printers, businesses powered by HP can minimize any worry about wolves. Utilizing built-in security features and other competitive advantages, HP printers can detect and protect against predators. When a wolf comes knocking at your door, you can deny him entry with HP security, thanks to technologies such as embedded malware detection, intrusion detection, and more. Learn more about HP Print Security.

Gary Hilson October 31, 2018 4 Minute Read

5 ways to prepare for PIPEDA’s updates

PIPEDA's getting an update, and it looks a whole lot like GDPR. Here are five best practices that will help you stay compliant.

Stephanie Vozza October 29, 2018 4 Minute Read

Brush up on these 4 fundamentals for Cybersecurity Awareness Month

From employee training to shoring up endpoints and passwords, get primed for Cybersecurity Awareness Month with these four security and privacy tips.

Graham Templeton September 26, 2018 4 Minute Read

Prepare for PIPEDA with better device security and data privacy

Complying with PIPEDA's new privacy amendments requires diligence in everything from internal processes to device security.