HP stresses the importance of selecting the right investments. Good governance is about managing company resources, including budgets, at a time when there are a large number of security threats.
If an organization is in a phase of introduction, growth, maturity, or transitioning towards a new market, it must consider its stage of business—what makes it unique—as well as its risk appetite and development position. These factors will assist business professionals in contextualizing which assets to focus on, and where additional threats may arise.
Similarly, the supply chain may be a major risk area. There may be simple security weaknesses within your supply chain that need to be addressed.
Simply put, knowing the highest risk areas across the enterprise, knowing where attacks are most likely, and knowing how much you can invest ensure maximum resilience in the event of an unexpected event.
Advanced firmware threats will become widespread by 2023, and cybercriminals will continue to invest in attacks that exploit physical access to endpoint devices.
Firmware breaches were previously only used by so-called sophisticated Advanced Persistent Threat (APT) groups and nation states in the past year, from tools for hacking BIOS passwords to rootkits and Trojans targeting the BIOS and Unified Extensible Firmware Interface (UEFI) of computers and devices. now, rootkits of firmware are advertised for a few thousand dollars on the cybercrime marketplaces.
As they evolve from hand to hand, sophisticated attacks, are becoming more sought after. These kinds of sales ads should also be seen in the cybercrime underground, as well as further firmware breaches.
Beyond software designed to attack firmware, there is growing concern about physical attacks. These attempt to infiltrate devices locally by exploiting physical access.
As an attacker's constant control of the device's operating system, such devices are difficult to detect, remove, or restore. HP Sure Start, Sure Recover, or Tamper Lock are some of the most effective methods for protecting, diagnosing, and resolving such attacks.
Organizations must begin asking the appropriate questions about how devices are designed with security and resilience in mind, including hardware and firmware levels, and consider this during procurement to support their endpoint infrastructure in the future.
The 2023 year of printer security might be a critical event, as the loss of nation-state secrets opens up opportunities for cybercriminals to exploit printers to obtain economic advantages.
As nation-state techniques that exploit printers spill over into the larger cybercrime economy, as we saw with the EternalBlue leak, we may see a turning point for print security in 2023. There are many reasons to do this, as accessing the printers might allow attackers to access other devices on corporate networks.
A large number of exposed and insecure printing devices are used to assist attackers in their attempts. These devices may be linked to corporate devices, but accessing them will be fairly straightforward since no one really notices your printer as an attacker.
Organizations must improve their cybersecurity structures in order to avoid attacks on printers. Updates should be scheduled regularly, and devices should be regularly monitored and scanned for violation status. Bypassing printer security leaves a visible hole in your cybersecurity posture.
Carlos Manero, HP's Digital Services Business Development Manager
