Articles Data Breaches and Identity Theft | Page 14

Cyber security and the Internet of Things 77 • Regulation must be extended to provide protection of user data after end-of-device life (deletion of the device data (Wipe) if the device is stolen, lost or not in use). • Privacy in processing – depends on device and communication integrity [50]. Data should be disclosed to or retained from third parties without the knowledge of the data owner. • Identity privacy – the identity of any device should only discovered by authorized entity (human/device). • location privacy – the geographical position of relevant device should only discovered by authorized entity (human/device) [51]. 3 Intruders, Motivations and Capabilities Intruders have different motives and objectives, for instance, financial gain, influencing public opinion, and espionage, among many others. The motives and goals of intruders vary from individual attackers to sophisticated organized-crime organizations. Intruders also have different levels of resources, skill, access and risk tolerance leading to the portability level of an attack occurring [52]. An insider has more access to a system than outsiders. Some intruders are well- funded and others work on a small budget or none. Every attacker chooses an attack that is affordable, an attack with good return on the investment based on budget, resources and experience [6]. In this section, intruders are categorized according to characteristics, motives and objectives, capabilities and resources. 3.1 Purpose and Motivation of Attack Government websites, financial systems, news and media websites, military networks, as well as public infrastructure systems are the main targets for cyber-attacks. The value of these targets is difficult to estimate, and estimation often varies between attacker and defender. Attack motives range from identity theft, intellectual property theft, and financial fraud, to critical infrastructure attacks. It is quite difficult to list what motivates hackers to attack systems. For instance, stealing credit card information has become a hackers hobby nowadays, and electronic terrorism orga- nizations attack government systems in order to make politics, religion interest.