The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

The OG of IoT .... Network Printers

See Article Here

I saw the attached article and started to giggle and couldn't resist. Printers have always been a problem since we stopped connecting them with serial cables! First came leaving all your sensitive data in the copy machine itself, then there were the hard drives that amassed a treasure trove of data and what did we do when the copy machine needed to be replaced? We just threw it out, not even thinking about securely destroying the hard drive. As an asisde, since I am ranting about printers, don’t get me started about that little piece of paper stuck in one of the rollers that always caused a paper jam that no one knew how to clear! (Oh that still happens).

Then guess what we did, we gave them an IP address and put them on out network so people can now share printers. Just another endpoint that I am not sure who is ultimately responsible for updating or patching. In reflecting on my over 22 plus years in government, private industry and academia, I can’t name you one person that ever said to me that it was there job to make sure all printers were up to date, let alone see it actually done.

The article talks about how printers are neglicted and not seen as a part of “the network” in a traditional sense. But if it has an IP address it is an end point right? Despite the strain on network administrators you have to have a plan to service these devices right? Or guess what happens? A security alert will go off in the Security Operations Center, that there is a machine infected and spewing out malware and all heck will break loose. In my case, I recall sending members of my team to physical location of the IP address causing the issue, sure enough it was a multifunction printer/fax in the mail room. (Long Sigh)

If printers are an example of how we are going to update and patch IoT devices we are in BIG trouble.