Articles Data Breaches and Identity Theft | Page 18

Cyber security and the Internet of Things 81
the assets should be protected against. In this paper, assets were defined
as all valuable things in the system, tangible and intangible, which require
protection. Some general, IoT assets include system hardware, software, data
and information, as well as assets related to services, e.g. service reputation.
It has been shown that it is crucial to comprehend the threats and system weak-
nesses in order to allocate better system mitigation. In addition, understanding
potential attacks allows system developers to better determine where funds
should be spent. Most commonly known threats have been described as DoS,
physical attacks and attacks on privacy.
Three different types of intruders were discussed in this paper, namely indi-
vidual attacks, organized groups, and intelligence agencies. Each attacker type
has different skill levels, funding resources, motivation, and risk tolerance.
It is very important to study the various types of attack actors and determine
which are most likely to attack a system. Upon describing and documenting
all threats and respective actors, it is easier to perceive which threat could
exploit what weakness in the system. Generally, it is assumed that IoT
intruder has full DY intruder capabilities in addition to some limited physical
compromise power. We will presume that physical compromise attacks do
not scale, and they will therefore only at-worst affect a limited population
of the total number of IoT devices. IoT architecture must consequently be
designed to cope with compromised devices and be competent in detecting
such incidents. It is concluded that attackers employ various methods, tools,
and techniques to exploit vulnerabilities in a system to achieve their goals or
objectives. Understanding attackers motives and capabilities is important for
an organization to prevent potential damage. To reduce both potential threats
and their consequences, more research is needed to fill the gaps in knowledge
regarding threats and cybercrime and provide the necessary steps to mitigate
probable attacks.
5 Conclusions
IoT faces a number of threats that must be recognized for protective action to
be taken. In this paper, security challenges and security threats to IoT were
introduced. The overall goal was to identify assets and document potential
threats, attacks and vulnerabilities faced by the IoT.
An overview of the most important IoT security problems was provided,
with particular focus on security challenges surrounding IoT devices and
services. Security challenges, such as confidentiality, privacy and entity
trust were identified. We showed that in order to establish more secure and