10 June

Stewart Watkins At Print Week – Speech On Cyber Crime

If cyber crime is a term that has until now not pinged on your radar, things are about to change.

While news stories of the US and Australian governments accusing China of carrying out cyber attacks on top secret files may not necessarily concern you, the Syrian Electronic Army’s recent cyber attacks on our very own FT and BBC twitter accounts and websites certainly made us take a bit more notice.

And this followed by a flurry of publications by the government aimed at helping businesses to protect themselves against such attacks.

Indeed BIS published a report last month on the impact of cyber crime on UK SMEs, based on a survey carried out by the Federation of Small Businesses (FSB). The report claims that the annual cost of cyber crime to SMEs is nearly £800m a year.

While these figures represent just a few, the BPIF’s head of IT Stewart Watkins says that they do at least highlight a very real problem and one that poses a significant threat to any business, including printers.

The most common threat, he says, comes in the form of what is known as a ‘trojan’ – software that is not what it appears to be – such as a fake Adobe update. This is a type of malware – the blanket term for harmful software designed to infiltrate your computer – that can get into the system fairly easily. It looks almost identical to the legitimate update prompt, but once accepted will sit on the system and download more malware.

“Many printers have Adobe Creative Suite and its products so they would expect to update regularly,” explains Watkins. “They wouldn’t necessarily know that they are dealing with pretty harmful malware. Quite the opposite, they would expect it to be completely genuine.”

Watkins warns of a particularly aggressive and legitimate-looking Adobe Flash update prompt that has emerged in the past few weeks. “The critical thing is to check the URL address of the download page. If it gives an IP address and not the standard adobe.com address then get out of there fast.”

Another issue for printers that Watkins says he has come across “more than once” is businesses buying their creative software from the ‘grey market’ or what they think is a legitimate reseller. “Unfortunately Adobe Creative Suite is one of the most commonly pirated software packages in the industry so printers are very much at risk from malware that could be attached to them.”

Businesses buying from potentially unlicensed resellers may also find they fall foul of auditors because they may be running the software illegally.

Far more likely than being targeted for their sensitive file content, printers’ networks, like those in many other industries, are attractive to cyber criminals because they often use very high-speed connections. Without the right protection, hackers can hijack the broadband and use it to distribute spam or set up a ‘botnet army’ – a host of computers that have been infected with malware and are controlled by a master computer to carry out a cyber attack elsewhere.

“In a printing company, one of the issues would be that it could use the bandwidth up on their main line, which could seriously affect a web-to-print business, their files, and their deadlines,” says Watkins.

“The more bandwidth you steal from a high-speed connection, the more damage you can do with a botnet attack. It’s almost like horsepower. It will enable you to send lots of requests to deny service or to send out huge amounts of spam emails using your email system.”

In this age of online shopping ‘denial of service’ attacks, when successful, can bring a business to a standstill with people unable to make their purchases because either their own system has been compromised, such as happened to Moo.com in 2010, or their payment provider has.

Chief executive of Tangent Communications and web-to-print subsidiary Printed.com Nick Green says one of its own third-party payment providers had previously been compromised. “But it’s a third-party issue,” he says. “The important thing is that your business is protected. No matter how small you are you have to take this very seriously. If your plan is to sell something online, the fastest way to see a collapse in confidence on your site is if people arrive at it and they experience a problem.”

Green says investing in server infrastructure and maintenance and a strict, secure-password protocol across the group are just the basics of how Tangent protects itself. He highlights the use of File Transfer Protocol (FTP) uploads within the business that often contain sensitive market information, as a specific target area for hacking. “It is critical we do everything possible to protect ourselves and our clients,” he says.

The BPIF’s Watkins also warns that FTP is susceptible. “If you have an open FTP there’s on average a hack attempt on it every three minutes.”

“Many in the print industry use FTP to transfer large files between users and I would urge them to move to Secure FTP (SFTP), the latest version, which is encrypted as it’s sent between computers,” he explains.

Other preventative measures include cloning your server or investing in a second, virtual server so that if your primary server is compromised you can be up and running quickly while the damage is fixed.

Encrypting data using free products such as Truecrypt and checking the credentials of a seller before purchasing software should also form part of a basic cyber crime-proofing kit.

Chief technical officer at Pureprint, James Parker says that printers should not only be following these protocols but looking to attain industry standards such as ISO 27001 (Information Security) and the DMA’s DataSeal to actively ensure their systems are secure.

“Pureprint for one is actively pursuing, and close to obtaining, both these standards to provide our clients with the confidence that appropriate measures are in place to prevent external threats,” he says.

“Like any industry, print needs to consider cyber crime and external threats as a priority. Whether printing personalised pieces or not, the information from our clients that we deal with is commercial in confidence while in our custody.”

So the message is clear. Cyber crime is here to stay, it is evolving and all our systems are at risk. Just don’t wait until it has happened to you to get protected. “That’s like not getting a burglar alarm until after your home has been cleaned out,” says Watkins.

View in Print Week

We use cookies to improve your experience and track website usage. Privacy Policy | Data Protection Policy