HP Inc. Tackles The Nefarious Cybersecurity Problem Few Will Acknowledge: The Office Printer

By Patrick Moorhead - March 14, 2020

Over the past few years, it’s been seemingly impossible to read the news without seeing a headline about a massive data breach, ransomware attack or some other type of security failure. Today, cybercrime could be considered the single greatest threat facing businesses in the modern world. The numbers are staggering. Cybersecurity Ventures forecasted in late 2018 that cybercrime would cost the world economy $6 trillion by 2021, up from $3 trillion in 2015. To put these figures in their proper perspective, this would signify the greatest transfer of economic wealth in history. These risks can also counteract the incentives for innovation and venture capital.

While cybersecurity has long focused on the data center, cloud, mobile device, and client PC sectors, one glaring area that has gotten woefully little attention is the ubiquitous office printer. Printers are an overlooked category for security risks. According to Hewlett Packard, Inc., the leading printer manufacturer in the world, cybercrime represents a $445 billion global crisis for printers, PCs, and other mission-critical IoT endpoints. These are big numbers that enterprise and SMB customers can’t ignore.

Modern multifunction printers (MFPs) face a wide variety of security threats and vulnerabilities, spanning from basic unauthorized access to print data (e.g., someone walks over to a printer and picks up unsecured printed documents) to printers as an attack point, in which a compromised device executes malicious code, hacks other systems on the network, and launches denial-of-service (DOS) actions. 

HP set off in 2016 to raise awareness of this problem via a series of HP-developed security campaigns. According to HP’s internal data, shared in a recent analyst forum at the company’s Palo Alto, CA headquarters, these activities yielded positive results—now 93% of the company’s Americas and EMEA enterprise-class customer RFPs have print security requirements. Perhaps most importantly, from a long-term standpoint, 44% of HP’s polled customers indicated that they have a strong understanding of print security.

HP goes beyond driving printer security awareness

While HP has made strong progress in this area, the company is not merely focusing on marketing awareness campaigns. The company believes it has an imperative to drive more specific actions in this space, given the scope of the threat. HP’s efforts in printer security are particularly important with SMB customers. These businesses often have less IT resources than large enterprise accounts and require simple, effective, resource-friendly tools.

Last week HP announced a commitment to participating in the Buyers Lab Security Validation Testing program. Buyers Lab (BLI), the testing wing of Keypoint Intelligence, is the first major entity to establish an unambiguous set of security standards for connecting MFPs and printers. Additionally, it works with recognized testing organizations to test drive those standards thoroughly. While there are other members of the testing program, including Ricoh and Fuji Xerox, HP’s presence and market share brings particular credibility and authority to the initiative.

As a maiden member of the BLI Security Validating Testing Program, HP also announced that its FutureSmart 4 Enterprise firmware platform for printers successfully passed validation testing for the Device Penetration and Policy Compliance categories. HP’s firmware approach seeks to ensure printer devices can be managed from a compliance standpoint, while providing automated remediation of new or misconfigured devices.

It’s difficult to understate the leadership role that HP is taking in the printer security space. HP is encouraging its industry counterparts to join its efforts, in order to broaden the industry impact and create a “rising tide affects all boats” effect. In an industry where some players can act in a self-serving manner, HP’s approach is commendable and refreshing. 

HP’s credibility benefits the entire industry

It’s impressive to see HP double down on its effort to battle cybersecurity in the printer space. HP has a long-standing reputation for reinvention and being able to adjust to the changing dynamics of markets and product landscapes. Printer security, however, represents a new challenge for HP and the industry at large. Only a company of HP’s stature and reputation can drive the entire industry to a significantly higher standard, which is the central goal of the Buyer’s Lab Validation Testing Program.

HP’s printer security efforts don’t stop at its participation in the Buyer’s Lab Validation Testing Program. HP’s printer portfolio takes a multi-layered security approach, with tools that assist with fleet security monitoring, compliance and management, security assessment and security services. Many of these have been in place for several years. In fact, one could argue that HP is only now getting the attention it deserves for being so proactive in the category. HP’s recent win of BLI’s/Keypoint Intelligence PaceSetter Award for Security is another affirmation of the company’s commitment to tackling crippling and costly breaches in the printer space.

The next frontier in cybersecurity defense capabilities is endpoint resilience. With that in mind, HP's approach of addressing printer security at the firmware level is crucial; it represents the most secure and comprehensive way of protecting a network device from malicious actions. HP is also making significant investments in shoring up its enterprise PCs with resilience and self-healing apps, through its partnership with Absolute Software. This is a welcome and growing trend in the never-ending fight against cybersecurity threats.

Customers will benefit from HP’s actions in the printer security space. Cybersecurity is a mammoth problem that requires bold industry leadership. HP should be applauded for throwing down the gauntlet and challenging the overall printer industry to do better. Customers deserve nothing less.

Patrick Moorhead
+ posts

Patrick founded the firm based on his real-world world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights)  in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.