by Amy Weiss
There was a time when cybersecurity was relegated to computers; when the imaging channel was more of an ancillary character in the story; collateral damage to a network breach, if you will. But of course, that has long since changed — with most MFPs/copiers being networked devices as well as the ever-increasing investment in managed IT services, cybersecurity is very much an imaging channel issue.
Once a year, The Imaging Channel officially talks about security in our “Securing the Office” issue, which will come out in June this year. Unofficially, though, we talk about it a lot more often — whenever there is a major product release around security, or when there is a major security news story, which there frequently is these days. The double whammy of the Facebook Cambridge Analytica scandal and the Atlanta ransomware attack definitely qualifies, and without giving away too much (in other words, I haven’t written it yet) you can expect to see some good information in our June issue. But since there is so much going on right now, I wanted to offer a sneak peek, and talk a little about the current security atmosphere.
You’re probably familiar with the Cambridge Analytica story by now, but in truth, this isn’t so much a security issue as it is one of data privacy. We all knowingly take risks when we go online, and when we go on a site like Facebook and share our day-to-day activities, we have to be aware we’re taking risks. I’ll let Mark Zuckerberg and Congress puzzle out the intricacies of what Facebook did wrong. I have, however, downloaded my Facebook data, although nothing there really terrified me (if you want to do it, Wired has a good article on not only how, but what to do with it).
The far more interesting (or at least relevant and worrisome for the channel) story is the ransomware attack on the city of Atlanta. Possibly one of the most interesting facets of that story is how little story there is — officials have been pretty tight-lipped about details like the city’s systems and procedures and what exactly the response has been to the hackers.
What is ransomware, exactly? Around the time of last year’s security issue the big WannaCry ransomware attack was in the news, and this article covers the basics. Is it coincidence that another big attack is in the news this year? Sadly, no. Ransomware and cyberattacks are becoming a very real and nearly common occurrence — so much so that the TV show Grey’s Anatomy devoted an entire episode to a ransomware attack on the fictitious Grey-Sloan Memorial Hospital (yes, I still watch Grey’s after 14 seasons. Don’t judge). Just how real was that attack, and how much was Hollywood drama? SC Magazine did a postmortem on the episode and while a lot of it was overly dramatized, one interesting piece was called out for accuracy: a plot point where doctors couldn’t access the electronic medical record of a patient, suggesting there were no paper backups. Panel experts noted that was “probably one of the more accurate depictions in the show. As hospitals move more and more into full electronics, paper's going away. So that is what keeps security professionals up at night: Not being able to get into the chart, not being able to find the history.”
That was reflected in the real-life aftermath of the Atlanta attack as well, in a New Yorker article that quoted one city worker as saying, “This longtime goal of moving to a paperless society looks a lot less exalted now than it did a week ago. I’d give anything for a hard copy of everything I lost." Could the silver lining of increased cyberattacks be good news for the hard copy industry?
Another quote in that New Yorker article stood out to me as well: “Another frustrated employee, who has worked for the city for more than a decade, said the city never spends enough to sufficiently address these sorts of problems. ‘They’re all about lowest bidder,’ he said.”
Ah yes. The constant battle between management and IT; between budget and compliance. The truth of the matter is, backup systems exist that can render ransomware attacks and other system breakdowns irrelevant. The other truth of the matter is, those systems are expensive. It is well known that there is a significant divide between IT and management, between technical needs and budgetary requirements. We’ve talked about it for years; this 2014 Workflow article examined a survey on the topic that showed a not-at-all surprising gap between the two. And while security did seem to be the one area where there was a consensus, I’m sure that digging deeper into “security budgets” would have shown a wider gap.
It’s going to have to change. I recently spoke to Greg Sparrow, data and security policy expert at CompliancePoint, who said, bluntly, that we are losing the battle. “If you look at the last couple of years, the threat from a cyber perspective is huge … organizations need to improve.” Sparrow offered a number of pieces of advice, but his No. 1 tip was patching. “Keep your systems up to date.”