Stewart Watkins At Print Week – Speech On Cyber Crime
If cyber crime is a term that has until now not pinged on your radar, things are about to change.
While news stories of the US and Australian governments accusing China of carrying out cyber attacks on top secret files may not necessarily concern you, the Syrian Electronic Armyâ€™s recent cyber attacks on our very own FT and BBC twitter accounts and websites certainly made us take a bit more notice.
And this followed by a flurry of publications by the government aimed at helping businesses to protect themselves against such attacks.
Indeed BIS published a report last month on the impact of cyber crime on UK SMEs, based on a survey carried out by the Federation of Small Businesses (FSB). The report claims that the annual cost of cyber crime to SMEs is nearly Â£800m a year.
While these figures represent just a few, the BPIFâ€™s head of IT Stewart Watkins says that they do at least highlight a very real problem and one that poses a significant threat to any business, including printers.
The most common threat, he says, comes in the form of what is known as a â€˜trojanâ€™ â€“ software that is not what it appears to be â€“ such as a fake Adobe update. This is a type of malware â€“ the blanket term for harmful software designed to infiltrate your computer â€“ that can get into the system fairly easily. It looks almost identical to the legitimate update prompt, but once accepted will sit on the system and download more malware.
â€œMany printers have Adobe Creative Suite and its products so they would expect to update regularly,â€ explains Watkins. â€œThey wouldnâ€™t necessarily know that they are dealing with pretty harmful malware. Quite the opposite, they would expect it to be completely genuine.â€
Watkins warns of a particularly aggressive and legitimate-looking Adobe Flash update prompt that has emerged in the past few weeks. â€œThe critical thing is to check the URL address of the download page. If it gives an IP address and not the standard adobe.com address then get out of there fast.â€
Another issue for printers that Watkins says he has come across â€œmore than onceâ€ is businesses buying their creative software from the â€˜grey marketâ€™ or what they think is a legitimate reseller. â€œUnfortunately Adobe Creative Suite is one of the most commonly pirated software packages in the industry so printers are very much at risk from malware that could be attached to them.â€
Businesses buying from potentially unlicensed resellers may also find they fall foul of auditors because they may be running the software illegally.
Far more likely than being targeted for their sensitive file content, printersâ€™ networks, like those in many other industries, are attractive to cyber criminals because they often use very high-speed connections. Without the right protection, hackers can hijack the broadband and use it to distribute spam or set up a â€˜botnet armyâ€™ â€“ a host of computers that have been infected with malware and are controlled by a master computer to carry out a cyber attack elsewhere.
â€œIn a printing company, one of the issues would be that it could use the bandwidth up on their main line, which could seriously affect a web-to-print business, their files, and their deadlines,â€ says Watkins.
â€œThe more bandwidth you steal from a high-speed connection, the more damage you can do with a botnet attack. Itâ€™s almost like horsepower. It will enable you to send lots of requests to deny service or to send out huge amounts of spam emails using your email system.â€
In this age of online shopping â€˜denial of serviceâ€™ attacks, when successful, can bring a business to a standstill with people unable to make their purchases because either their own system has been compromised, such as happened to Moo.com in 2010, or their payment provider has.
Chief executive of Tangent Communications and web-to-print subsidiary Printed.com Nick Green says one of its own third-party payment providers had previously been compromised. â€œBut itâ€™s a third-party issue,â€ he says. â€œThe important thing is that your business is protected. No matter how small you are you have to take this very seriously. If your plan is to sell something online, the fastest way to see a collapse in confidence on your site is if people arrive at it and they experience a problem.â€
Green says investing in server infrastructure and maintenance and a strict, secure-password protocol across the group are just the basics of how Tangent protects itself. He highlights the use of File Transfer Protocol (FTP) uploads within the business that often contain sensitive market information, as a specific target area for hacking. â€œIt is critical we do everything possible to protect ourselves and our clients,â€ he says.
The BPIFâ€™s Watkins also warns that FTP is susceptible. â€œIf you have an open FTP thereâ€™s on average a hack attempt on it every three minutes.â€
â€œMany in the print industry use FTP to transfer large files between users and I would urge them to move to Secure FTP (SFTP), the latest version, which is encrypted as itâ€™s sent between computers,â€ he explains.
Other preventative measures include cloning your server or investing in a second, virtual server so that if your primary server is compromised you can be up and running quickly while the damage is fixed.
Encrypting data using free products such as Truecrypt and checking the credentials of a seller before purchasing software should also form part of a basic cyber crime-proofing kit.
Chief technical officer at Pureprint, James Parker says that printers should not only be following these protocols but looking to attain industry standards such as ISO 27001 (Information Security) and the DMAâ€™s DataSeal to actively ensure their systems are secure.
â€œPureprint for one is actively pursuing, and close to obtaining, both these standards to provide our clients with the confidence that appropriate measures are in place to prevent external threats,â€ he says.
â€œLike any industry, print needs to consider cyber crime and external threats as a priority. Whether printing personalised pieces or not, the information from our clients that we deal with is commercial in confidence while in our custody.â€
So the message is clear. Cyber crime is here to stay, it is evolving and all our systems are at risk. Just donâ€™t wait until it has happened to you to get protected. â€œThatâ€™s like not getting a burglar alarm until after your home has been cleaned out,â€ says Watkins.