Articles Data Breaches and Identity Theft | Page 14
Cyber security and the Internet of Things 77
• Regulation must be extended to provide protection of user data after
end-of-device life (deletion of the device data (Wipe) if the device
is stolen, lost or not in use).
• Privacy in processing – depends on device and communication integrity
[50]. Data should be disclosed to or retained from third parties without
the knowledge of the data owner.
• Identity privacy – the identity of any device should only discovered by
authorized entity (human/device).
• location privacy – the geographical position of relevant device should
only discovered by authorized entity (human/device) [51].
3 Intruders, Motivations and Capabilities
Intruders have different motives and objectives, for instance, financial
gain, influencing public opinion, and espionage, among many others. The
motives and goals of intruders vary from individual attackers to sophisticated
organized-crime organizations.
Intruders also have different levels of resources, skill, access and risk
tolerance leading to the portability level of an attack occurring [52]. An
insider has more access to a system than outsiders. Some intruders are well-
funded and others work on a small budget or none. Every attacker chooses
an attack that is affordable, an attack with good return on the investment
based on budget, resources and experience [6]. In this section, intruders are
categorized according to characteristics, motives and objectives, capabilities
and resources.
3.1 Purpose and Motivation of Attack
Government websites, financial systems, news and media websites, military
networks, as well as public infrastructure systems are the main targets
for cyber-attacks. The value of these targets is difficult to estimate, and
estimation often varies between attacker and defender. Attack motives
range from identity theft, intellectual property theft, and financial fraud,
to critical infrastructure attacks. It is quite difficult to list what motivates
hackers to attack systems. For instance, stealing credit card information
has become a hackers hobby nowadays, and electronic terrorism orga-
nizations attack government systems in order to make politics, religion
interest.