Thursday, December 5, 2019

Security and Privacy Issues in Internet of Things Buzzword

Question: Discuss the Security and Privacy Issues in Internet of Things for Buzzword.

Answer:

Introduction

Internet of Things (IoT) is a new buzzword in the field of technology that is spreading at a rapid rate. IoT is a concept that combines a large number of gadgets, devices and applications for the execution of a specific activity. Several IoT applications have been developed and provided to customers, such as home automation, office automation and many others. A wide variety of entities and components are associated with an IoT application. Some of these components include mobile devices, small appliances, large appliances, computer systems, computer networks, human resources and many others (Bhabad, 2015). These IoT applications provide many benefits to the users in terms of usability and performance. There are also many issues and risks involved. These security risks, along with the protection mechanisms and future trends, are covered in this report.

Background

Research Questions

What are the different categories and types of security risks that are involved with an IoT application?
What are the potential impact and probable consequences that may emerge with the occurrence of a security risk or an attack?
What are the protection mechanisms that may be applied to ensure that the security risks and attacks are prevented and controlled?
What are the future trends that are related to the security of IoT apps?

Security and Privacy Issues of IoT

Confidentiality Attacks

Eavesdropping

Many entities and components are associated with an IoT application. Some of these components include mobile devices, small appliances, large appliances, computer systems, computer networks, human resources and many others. Several entry and access points become available to attackers, which gives rise to the eavesdropping attack. In these attacks, the attacker monitors and peeps into the network in an unauthorized manner (Wood, 2016).

Unauthorized Tracking

Information plays an important role in any application, and the same is true for an IoT application. This information does not remain at rest and keeps getting transferred from one source to another. During this transfer, attackers succeed in obtaining access to the path and track the information in an unauthorized manner.

Data Mining Attacks

Business Intelligence (BI) is a concept that includes a number of different technologies. One such technology that plays a significant role in IoT applications is data mining. It offers many benefits to the applications; however, many attacks also take place in association with the data mining that is applied in IoT applications (Amato, 2016).

Reconstruction Attacks

Confidentiality of the information is often hampered by reconstruction attacks that take place in an IoT application. These are attacks in which the data and the information are given a new structure or a new shape, which is termed reconstruction of the information.

Integrity Attacks

Message Alteration

Certain properties of information must be safeguarded and protected at all times. One such property is integrity. Information integrity is the property which says that any changes and modifications that take place in the information set shall be authorized and shall also be uniform, such that the changes take place across all the copies. This property is often violated in IoT applications through a number of attacks. One such attack is message alteration. It is an integrity attack in which the contents of the message are altered by malevolent entities, leading to considerable damage (Microsoft, 2016).
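How a receiver can detect the message alteration described above, as an added example that is not part of the original report: a device attaches an HMAC-SHA256 tag to each message and the gateway rejects any message whose tag does not verify. The device name, key and payload fields are constructed for illustration, and a pre-shared per-device key is an assumption.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): a real deployment provisions a unique secret per device.
DEVICE_KEYS = {"thermostat-01": b"constructed-demo-key-not-for-production"}


def canonical(device_id, payload) -> bytes:
    """Serialize deterministically so sender and receiver MAC identical bytes."""
    doc = {"device": device_id, "payload": payload}
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def seal(device_id: str, payload: dict) -> dict:
    """Device side: attach a tag that covers both the device id and the payload."""
    tag = hmac.new(DEVICE_KEYS[device_id], canonical(device_id, payload),
                   hashlib.sha256).hexdigest()
    return {"device": device_id, "payload": payload, "tag": tag}


def verify(message: dict) -> bool:
    """Gateway side: recompute the tag and compare it in constant time."""
    device, tag = message.get("device"), message.get("tag")
    if not isinstance(device, str) or not isinstance(tag, str):
        return False  # malformed or untagged message: reject
    key = DEVICE_KEYS.get(device)
    if key is None:
        return False  # unknown device: reject
    expected = hmac.new(key, canonical(device, message.get("payload")),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), tag.encode())


def demo():
    """Return verification results for an intact, an altered and an untagged message."""
    msg = seal("thermostat-01", {"setpoint_c": 21.5, "mode": "heat"})
    altered = json.loads(json.dumps(msg))    # copy, as if relayed over the network
    altered["payload"]["setpoint_c"] = 35.0  # content changed in transit
    untagged = {k: v for k, v in msg.items() if k != "tag"}
    return verify(msg), verify(altered), verify(untagged)


if __name__ == "__main__":
    print(demo())
```

The tag detects alteration but does not hide the content; confidentiality still requires the encryption discussed under protection mechanisms.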

Media Alteration

Certain properties of information must be safeguarded and protected at all times. One such property is integrity. Information integrity is the property which says that any changes and modifications that take place in the information set shall be authorized and shall also be uniform, such that the changes take place across all the copies. This property is often violated in IoT applications through a number of attacks. One such attack is media alteration. It is an integrity attack in which the contents of the media are altered by malevolent entities, leading to considerable damage (Aws, 2016).

Availability Attacks

Flooding Attacks

Information and application availability is another system quality and information property that is demanded and expected by the users. This quality and property is violated by many attacks. One such attack is the flooding attack, in which unwanted traffic is directed towards the application and the services. Examples of these attacks include Denial of Service and Distributed Denial of Service attacks (Nichols, 2016).

Server Impersonating

As stated earlier, various entities and components are involved with the IoT application. Due to the involvement of so many components, many servers are also associated with the application. There are scenarios in which malicious entities impersonate these servers.

QoS Abuse

Customers that are associated with the IoT application expect the application to score well in terms of quality. There are, however, attacks that hamper the quality of the service. These attacks are termed QoS attacks or QoS abuse (Panetta, 2016).

Consequences of the Issues

A lot of information is associated with an IoT application due to the involvement of many components. The consequences of an attack can vary on the basis of the attack type and the type of information that is impacted. The information that is associated with these applications can fall into categories such as for office use only, private information, critical information, sensitive data, public data and confidential information. There are also various categories of users of these applications, such as large scale business users, small or medium scale business users, individual home users and the like. Where more than one party is involved and the impacted information is confidential, critical or sensitive, there may be legal obligations as well (Mahmoud, 2015).

Apart from the legal obligations, there may also be a number of impacts in terms of market performance. With an increase in the frequency of attacks, the organization will lose goodwill in the market. The brand reputation and the brand value will also come down. Various organizations in the market work towards a common domain or application area. If a security attack occurs in one organization, a competitor may gain an advantage from the situation by coming up with a similar application with better security. The customer base and the revenues will also come down. There will also be an adverse impact on the employees, as their efficiency and productivity will be affected (Ko & Dorantes, 2016).

Protection Mechanisms

Providers in the market have come up with powerful tools to deal with the availability attacks, and these tools are termed anti-denial tools. These tools are automated in nature and are specifically designed to make sure that alerts are generated in case of an attempt to impact the availability of the application.

Policies shall be implemented, along with strategies and controls, to enhance the authentication system that is implemented in the organization. These systems shall include an enhanced form of security in the form of multi-step authentication (Lu, 2014).

Networking attacks in the form of confidentiality attacks, integrity attacks and availability attacks are huge in number. Organizations must make sure that these network attacks are prevented and also detected in time to control the damage. Several network surveillance tools are available and shall be installed to check and track the network activities.

Encryption of the information shall be implemented to make sure that the information stays secure and protected at all times.

Several applications and systems have also been developed to detect and prevent intruders; these tools are termed Intrusion Detection and Intrusion Prevention systems. They shall be installed in the network and the applications to prevent and detect security attacks.

Device safety and security is also important for an IoT app, as several devices are associated with the application, such as mobile devices, computer systems, small and large appliances and many more. These devices shall be kept protected at all times.

The overall legal architecture and structure shall be improved with the inclusion of new policies and laws to make sure that attackers do not attempt these attacks.

With the invention of the latest and advanced forms of security, it is often seen that the basic security mechanisms are not paid enough attention. Basic security shall be enhanced with the installation of firewalls and anti-malware packages, along with proxy servers.
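The alert generation attributed above to anti-denial tools, as an added example that is not part of the original report. The report does not say how such tools decide to alert; the sliding-window thresholds used here are an assumption, and the traffic is constructed. The per-source limit covers a single-source flood (Denial of Service) and the aggregate limit covers traffic spread over many sources (Distributed Denial of Service).

```python
from collections import defaultdict, deque

ALL = "*all*"  # key used for the aggregate (all sources) counter


def flood_alerts(events, window_ms=10_000, per_source=20, total=100):
    """Return (timestamp_ms, key, count) each time a source, or all traffic
    together, first exceeds its limit inside the sliding window.
    `events` is a time-ordered iterable of (timestamp_ms, source)."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    alerting = set()             # keys currently over their limit
    alerts = []
    for ts, src in events:
        for key, limit in ((src, per_source), (ALL, total)):
            q = recent[key]
            q.append(ts)
            while q[0] <= ts - window_ms:  # drop events older than the window
                q.popleft()
            if len(q) > limit:
                if key not in alerting:    # alert once per episode, not per packet
                    alerting.add(key)
                    alerts.append((ts, key, len(q)))
            else:
                alerting.discard(key)      # back under the limit: re-arm
    return alerts


def sample_events():
    """Constructed traffic: steady polling, one noisy source, then many sources."""
    normal = [(t, "10.0.0.5") for t in range(0, 60_000, 2_000)]
    single = [(30_000 + i * 100, "10.0.0.99") for i in range(40)]
    spread = [(50_000 + i * 50, f"10.0.1.{i % 120}") for i in range(150)]
    return sorted(normal + single + spread)


if __name__ == "__main__":
    for alert in flood_alerts(sample_events()):
        print(alert)
```

The steady poller never alerts, the noisy source trips the per-source limit, and the spread-out burst trips only the aggregate limit because no single address sends enough on its own.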

Role of Physical Security

Physical security is often discarded with the implementation and existence of newer forms of applications that are mostly based on cloud or virtual systems. The role of physical security cannot be neglected, as it is as important as the administrative or technical controls. Physical security controls shall therefore be set up across the data centres, along with device security, to make sure that there are no occurrences such as loss or theft of a device (Jing, 2014).

Conclusion

Future Trends

Threat hunting is one of the latest mechanisms being used by organizations and entities all across the globe. It is a process in which risks and threats are hunted by developing methods and procedures that are an amalgamation of humanly executed tasks, machine assisted techniques and automated operations. A Hunting Maturity Model (HMM) has been developed that categorizes organizations on the basis of their ability to hunt threats. The model shall be implemented to make sure that threats are detected and prevented.

Internet of Things (IoT) is a new buzzword in the field of technology that is spreading at a rapid rate. IoT is a concept that combines a large number of gadgets, devices and applications for the execution of a specific activity. Several IoT applications have been developed and provided to customers, such as home automation, office automation and many others. A wide variety of entities and components are associated with an IoT application. Some of these components include mobile devices, small appliances, large appliances, computer systems, computer networks, human resources and many others. Due to the involvement of so many entities, confidentiality, integrity and availability attacks may be executed.

A lot of information is associated with an IoT application due to the involvement of many components. The consequences of an attack can vary on the basis of the attack type and the type of information that is impacted. The information that is associated with these applications can fall into categories such as for office use only, private information, critical information, sensitive data, public data and confidential information. Physical security is often discarded with the implementation and existence of newer forms of applications that are mostly based on cloud or virtual systems. The role of physical security cannot be neglected, as it is as important as the administrative or technical controls.

References

Amato, N. (2016). The hidden costs of a data breach. Journal of Accountancy. Retrieved 9 May 2017, from https://www.journalofaccountancy.com/news/2016/jul/hidden-costs-of-data-breach-201614870.html

Aws. (2016). Overview of Security Processes. Retrieved 9 May 2017, from https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

Bhabad, M. (2015). Internet of Things: Architecture, Security Issues and Countermeasures. Retrieved 9 May 2017, from https://www.ijcaonline.org/research/volume125/number14/bhabad-2015-ijca-906251.pdf

Jing, Q. (2014). Security of the Internet of Things: perspectives and challenges. Retrieved 9 May 2017, from https://csi.dgist.ac.kr/uploads/Seminar/1407_IoT_SSH.pdf

Ko, M., & Dorantes, C. (2016). The impact of information security breaches on financial performance of the breached firms: An empirical investigation. Retrieved 9 May 2017, from https://jitm.ubalt.edu/XVII-2/article2.pdf

Lu, C. (2014). Overview of Security and Privacy Issues in the Internet of Things. Retrieved 9 May 2017, from https://www.cse.wustl.edu/~jain/cse574-14/ftp/security.pdf

Mahmoud, R. (2015). Internet of things (IoT) security: Current status, challenges and prospective measures - IEEE Xplore Document. Ieeexplore.ieee.org. Retrieved 9 May 2017, from https://ieeexplore.ieee.org/document/7412116/

Microsoft. (2016). Microsoft Core Infrastructure Optimization: IT Security Processes - Best Practices for Business IT. Microsoft.com. Retrieved 9 May 2017, from https://www.microsoft.com/india/infrastructure/capabilities/itprocesses.mspx

Nichols, A. (2016). A Perspective on Threats in the Risk Analysis Process. Sans.org. Retrieved 9 May 2017, from https://www.sans.org/reading-room/whitepapers/auditing/perspective-threats-risk-analysis-process-63

Panetta, K. (2016). Gartner's Top 10 Security Predictions 2016 - Smarter With Gartner. Smarter With Gartner. Retrieved 9 May 2017, from https://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/

Wood, P. (2016). Social hacking: The easy way to breach network security. ComputerWeekly. Retrieved 9 May 2017, from https://www.computerweekly.com/tip/Social-hacking-The-easy-way-to-breach-network-security
