HP Wolf Security warns about critical gaps in printer security: the forgotten hardware in cyber resilience strategies.
HP has raised alarms over an underestimated risk in most organizations: printers. According to a new report from HP Wolf Security published on July 17, only 36% of IT teams promptly apply firmware updates to their printers, despite spending an average of 3.5 hours per month per device on maintenance. This neglect leaves openings for cybercriminals to access corporate networks through these seemingly harmless devices.
The study, based on more than 800 interviews with IT and cybersecurity managers across six countries, details how printer hardware and firmware security is systematically overlooked at every stage of the device lifecycle, from purchase to decommissioning.
Hidden Risks from the Start
At the purchasing stage, only 38% of companies effectively coordinate between procurement, IT, and security to define safety criteria. Even more concerning, 51% cannot verify whether a printer has been tampered with during transit or installation, and over 50% do not require technical documentation to verify manufacturer security promises.
“In many organizations, the printer acquisition process is more driven by cost than security. This opens the door to compromised devices from the start,” warns Steve Inch, HP’s global secure printing strategist.
Patches That Don’t Arrive on Time
During the usage phase, the main issue is the slow application of critical updates. Only about one-third of devices can identify vulnerable devices facing new threats or known vulnerabilities. Additionally, less than 35% have visibility into unauthorized hardware changes or firmware-level attacks.
Risks are not just digital. Seventy percent of IT respondents say they are increasingly worried about physical threats, such as printing sensitive documents that employees do not handle properly afterward.
Out-of-Use Printers With Data Inside
End-of-life management also poses serious challenges. Most companies (86%) admit that concerns about securely deleting data prevent them from reselling, reusing, or recycling printers. One in four managers believes physical destruction of storage units is necessary, and 10% prefer to completely destroy both the device and storage to prevent data leaks.
“Printers are no longer just office tools. They are connected smart devices that store sensitive data and, if not managed properly, can become entry points for sophisticated attacks,” emphasizes Boris Balacheff, HP’s security research lead.
Key Recommendations for Securing Printing
The HP report concludes with a series of recommendations to enhance enterprise cyber resilience through proactive printer lifecycle management:
- Foster close collaboration between IT, security, and procurement from the acquisition stage.
- Require manufacturer security certifications and supply chain traceability.
- Implement firmware updates without delay.
- Use tools to ensure compliance with printing security policies.
- Choose printers with integrated capabilities to detect and isolate zero-day threats.
- Select models that allow safe data and firmware erasure before recycling or disposal.
In an era of increasingly complex cyberattacks, security starts—and can falter—with the most basic devices. Office printers, if unprotected, may be the weakest link in the entire chain. HP’s new report serves as an urgent reminder: cybersecurity is also printed.
via: hp.com