That Printer In The Corner May Be A Security Threat: New Report From HP Wolf Security

The study reveals troubling printer-related security gaps.

That big, bulky, yet connected printer in the corner of the office could be a cyberattack vector into an organization. That’s because IT departments are neglecting their printers, and that’s a potential cause for security concerns, according to a new report from HP Wolf Security.

In a study of over 800 IT and security decision-makers across the globe, HP Wolf Security found that only 36 percent of those decision-makers applied timely firmware updates to printers.

The study also found other printer-related security gaps.

• There’s a lack of collaboration between teams with printer security. Only 38 percent of IT and security decision-makers said IT collaborates with other teams, namely procurement and security, to “define printer security standards.”

• There are issues with the on-boarding stage of acquiring printers, the report also found. Fifty-four percent of IT and security decision-makers said they didn’t ask printer vendors for tech documents to support security claims; 55 percent said they also did not submit vendor responses to security teams to review.

• The report also revealed that “only 35 percent of [IT and security decision-makers] are able to identify vulnerable printers based on newly published hardware or firmware vulnerabilities, not to mention zero-day threats that are unknown to the vendor or the public.”

• A mere 34 percent said they were able to track “unauthorized hardware changes made by users or supports teams.”

• When printers reach their end-of-life cycle, 35 percent of IT and security decision-makers said they were unsure whether their printers could be “fully wiped,” leaving the possibility of data remaining stored on them.

With the shift to a digital world, there may exist the perception that printers aren’t as ubiquitous in the workplace as they once were. However, several market research studies contradict that thinking.

According to one report from Global Market Insights, the printer market is expected to grow from $78.5 billion in 2025 to $123.1 billion in 2034, at a compound annual growth rate of 5.1 percent.

In interviews with several printer vendors by MES Computing’s sister site CRN, vendors spoke of the continuing vitality of the printer market, especially after the COVID pandemic.

“[Print volumes are] not back to where they were pre-COVID, but they’ve kind of stabilized, and so people are looking for cost efficiencies and are saying, ‘Do I really need as many A3 copiers as before, and maybe I mix in some A4s with that?’ We see that occurring,” Elliot Williams, group product manager of business imaging at Epson America, told CRN.

“People said faxes were going to go away in 1997, and people are still sending them. Now, of course, they’re internet faxes or IP faxes, but they’re still going in some cases to a fax machine, which is amazing to me. So yes, I don’t think the paperless office is going to be quite here yet. I think we’ve got some time for that to happen,” Dino Pagliarello, vice president of product management and production at Sharp, told CRN.

Which is why IT leaders should consider them when creating and updating their security strategies.

“Printers are no longer just harmless office fixtures—they’re smart, connected devices storing sensitive data,” said Steve Inch, global senior print security strategist at HP Inc., in a news release. “With multiyear refresh cycles, unsecured printers create long-term vulnerabilities. If compromised, attackers can harvest confidential information for extortion or sale.”

Download HP Wolf Security’s full report on printer vulnerabilities, as well as the company’s recommendations on best practices for securing printers here.