
72 M. Abomhara and G. M. Køien

the project without a plan, poor communication between developers and users, a lack of resources, skills, and knowledge, and failing to manage and control the system [7].

2.2.2 Exposure

Exposure is a problem or mistake in the system configuration that allows an attacker to conduct information gathering activities. One of the most challenging issues in IoT is resiliency against exposure to physical attacks. In most IoT applications, devices may be left unattended and are likely to be placed in locations easily accessible to attackers. Such exposure raises the possibility that an attacker might capture a device, extract cryptographic secrets, modify its programming, or replace it with a malicious device under the attacker's control [33].

2.2.3 Threats

A threat is an action that takes advantage of security weaknesses in a system and has a negative impact on it [34]. Threats can originate from two primary sources: humans and nature [35, 36]. Natural threats, such as earthquakes, hurricanes, floods, and fire, could cause severe damage to computer systems. Few safeguards can be implemented against natural disasters, and nobody can prevent them from happening. Disaster recovery plans, such as backup and contingency plans, are the best approaches to secure systems against natural threats. Human threats are those caused by people, such as malicious threats consisting of internal [37] (someone who has authorized access) or external threats [38] (individuals or organizations working outside the network) looking to harm and disrupt a system. Human threats are categorized into the following:

• Unstructured threats, consisting mostly of inexperienced individuals who use easily available hacking tools.
• Structured threats, from people who know system vulnerabilities and can understand, develop and exploit code and scripts. An example of a structured threat is an Advanced Persistent Threat (APT) [39]. An APT is a sophisticated network attack targeted at high-value information in business and government organizations, such as manufacturing, financial industries and national defense, to steal data [40].

As IoT becomes a reality, a growing number of ubiquitous devices has raised the number of security threats, with implications for the general public. Unfortunately, IoT comes with a new set of security threats. There are