Ink can be as leaky as electrons.(Pic: Sekulicn/Getty Images)
Despite recognising print as one of their top five security concerns, businesses are not doing enough to prevent data leaks through old-fashioned paper and ink.
That’s according to a report from the analysts Quocirca – the Global Print Security report published yesterday – which makes the point that ‘low tech’ paper can be just as great a risk as an IT network breach.
Printers can be a major security weakness, as was dramatically demonstrated late last year when a mischievous hacker forced thousands of printers to spew out messages of support for the YouTuber PewDeePie.
Organisations reported that 11 percent of all security incidents were print-related, a figure that is based on data from 250 organisations in the UK, France, Germany and the US.
It found that print-related breaches were costing the organisations it surveyed an average of £313,000 per year. Some 60 percent of organisations confessed to having experienced at least one print-related data loss in the past 12 months, with the majority of breaches the result of mismanagement by internal users.
Despite ongoing efforts to digitise offices, print continues to be important, with 91 percent of organisations classifying it as ‘important’ today and 87 percent saying it will continue to be so for at least the next two years.
However, organisations recognise the risk from print, ranking it second only to cloud services as the greatest threat to data integrity – 73 percent said they were concerned or very concerned about it.
In response, organisations spend an average of 11 percent of their security budget on the print infrastructure, and three-quarters said they are planning to increase it.
But Quocirca questioned their perception of the risk: 70 percent of businesses said they are most worried about malware infecting print devices when the majority of breaches (32 percent) are the result of human error.
Quocirca research director Louella Fernandes commented: "Our research consistently shows that businesses remain reliant on print, but the way it is used is changing. Print infrastructure is vulnerable to all the threats associated with IoT devices, but also to risks linked to hard copy output."
She added: "With the financial, legal and reputational consequences of data breaches escalating, print security is intrinsic to an organisation’s security posture and a risk that should be managed at boardroom level."
Quocirca classified respondents on the basis of ‘print security maturity’ based on factors associated with print security such as their spending on print security, use of security assessments, use of pull printing, creation of a formal print security policy, deployment of secure mobile printing, use of third-party testing and deployment of print firmware updates.
By these criteria, Quocirca said only 27 percent of respondents were print security ‘leaders’, while 56 percent were followers and 17 percent were laggards.
It advocated the use of managed print services (MPS) to improve security. Overall, 62 percent of respondents used MPSs, with the figure rising to 76 percent for print security leaders and falling to just 44 percent for the laggards.