Business impact, risks and controls associated with the internet of things

Thesis (MCom)--Stellenbosch University, 2017.ENGLISH SUMMARY : Modern businesses need to keep up with the ever-evolving state of technology to determine how a change in technology will affect their operations. Adopting Internet of Things to operations will assist businesses in achieving the goals set by management and, through data integration, add additional value to information. With the Internet of Things forming a global communication network, data is gathered in real time by sensor technologies embedded in uniquely identifiable virtual and physical objects. This data gathered are integrated and analysed to extract knowledge, in order to provide services like inventory management, customised customer service and elearning as well as accurate patient records. This integrated information will generate value for businesses by, inter alia, improving the quality of information and business operations. Business may be quick to adopt the Internet of Things into their operations because of the promised benefits, without fully understanding its enabling technologies. It is important that businesses acquire knowledge of the impact that these technologies will have on their operations as well as the risks associated with the use of these technologies before they deploy the Internet of Things in their business environment. The purpose of this study was to identify the business impact, risks and controls associated with the Internet of Things and its enabling technologies. Through the understanding of the enabling technologies of Internet of Things, the possible uses and impact on business operations can be identified. With the help of a control framework, the understanding gained on the technologies were used to identify the risks associated with them. The study concludes by formulating internal controls to address the identified risks. It was found that the core technologies (smart objects, wireless networks and semantic technologies) adopt humanlike characteristics and convert most manual business operations into autonomous operations, leading to increased business productivity, market differentiation, cost reduction and higher-quality information. The identified risks centred on data integrity, privacy and confidentiality, authenticity, unauthorised access, network availability and semantic technology vulnerabilities. A multi-layered approach of technical and non-technical internal controls were formulated to mitigate the identified risks to an acceptable level. The findings will assist information technology specialists and executive management of industries to identify the risks associated with the implementation of Internet of Things in operations, mitigate the risks to an acceptable level through controls as well as assist them to determine the possible uses and its impact on operations.AFRIKAANSE OPSOMMING : Moderne ondernemings moet tred hou met die voortdurende ontwikkeling van tegnologie om te bepaal hoe ʼn verandering in tegnologie hulle bedrywighede sal beïnvloed. Inkorporering van Internet van Dinge in bedrywighede sal besighede help om die doelwitte wat deur bestuur gestel is te bereik en, deur data integrasie, additionele waarde te voeg tot inligting. Met Internet van Dinge wat ʼn globale kommunikasienetwerk vorm, word data in regte tyd versamel deur ensortegnologieë wat ingebed is in unieke identifiseerbare virtuele en fisiese voorwerpe. Hierdie versamelde data word geïntegreer en ontleed om kennis te onttrek om sodoende dienste te lewer, soos voorraadbestuur, pasgemaakte kliëntediens en e-leer sowel as akkurate pasiënt rekords. Hierdie geïntegreerde inligting sal waarde genereer vir ondernemings deur, inter alia, die gehalte van inligting en sakebedrywighede te verbeter. Ondernemings mag vinnig Internet van Dinge in hulle bedrywighede inkorporeer as gevolg van die beloofde voordele, sonder om die instaatstellende tegnologieë ten volle te verstaan. Dit is belangrik dat ondernemings kennis inwin oor die impak wat hierdie tegnologieë sal hê op hulle bedrywighede sowel as die risiko’s wat geassosieer word met die gebruik van hierdie tegnologieë voordat Internet van Dinge in hulle sakeomgewings ontplooi word. Die doel van hierdie studie was om die besigheidsimpak, risko’s en kontroles wat geassosieer word met Internet van Dinge en die instaatstellende tegnologieë te identifiseer. Deur die instaatstellende tegnologieë van Internet van Dinge te verstaan, kan die moontlike gebruike en impak daarvan op sakebedrywighede geïdentifiseer word. Met behulp van ʼn kontroleraamwerk, is die begrip van die tegnologieë gebruik om die risiko’s wat geassosieer word met hulle te identifiseer. Die studie sluit af met die formulering van interne kontroles om die geïdentifiseerde risko’s aan te spreek. Daar is gevind dat die kerrntegnologiekomponente (slim voorwerpe, draadlose netwerke en semantiese tegnologieë) menslike eienskappe aanneem en die meeste handsakebedrywighede omskakel na outonome bedrywighede, wat lei tot verhoogte sakeproduktiwiteit, markdifferensiasie, kostebesparing en hoërgehalte-inligting. Die geïdentifiseerde risiko’s is toegespits op data integriteit, -privaatheid en - vertroulikheid, egtheid, ongemagtigde toegang, netwerkbeskikbaarheid en semantiese tegnologiekwesbaarhede. ʼn Multilaagbenadering van tegniese en nie-tegniese interne kontroles is geformuleer, om sodoende die geïdentifiseerde risiko’s tot ʼn aanvaarbare vlak te versag. Die bevindinge sal inligtingstegnologie-spesialiste en uitvoerende bestuur van industrieë help om die risiko’s verbonde aan implementering van Internet van Dinge te identifiseer, risko’s te versag tot ʼn aanvaarbare vlak met kontroles sowel as hulle te help om moontlike gebruike en hulle impak op bedrywighede vas te stel

Fast Detection of Zero-Day Phishing Websites Using Machine Learning

The recent global growth in the number of internet users and online applications has led to a massive volume of personal data transactions taking place over the internet. In order to gain access to the valuable data and services involved for undertaking various malicious activities, attackers lure users to phishing websites that steal user credentials and other personal data required to impersonate their victims. Sophisticated phishing toolkits and flux networks are increasingly being used by attackers to create and host phishing websites, respectively, in order to increase the number of phishing attacks and evade detection. This has resulted in an increase in the number of new (zero-day) phishing websites. Anti-malware software and web browsers’ anti-phishing filters are widely used to detect the phishing websites thus preventing users from falling victim to phishing. However, these solutions mostly rely on blacklists of known phishing websites. In these techniques, the time lag between creation of a new phishing website and reporting it as malicious leaves a window during which users are exposed to the zero-day phishing websites. This has contributed to a global increase in the number of successful phishing attacks in recent years. To address the shortcoming, this research proposes three Machine Learning (ML)-based approaches for fast and highly accurate prediction of zero-day phishing websites using novel sets of prediction features. The first approach uses a novel set of 26 features based on URL structure, and webpage structure and contents to predict zero-day phishing webpages that collect users’ personal data. The other two approaches detect zero-day phishing webpages, through their hostnames, that are hosted in Fast Flux Service Networks (FFSNs) and Name Server IP Flux Networks (NSIFNs). The networks consist of frequently changing machines hosting malicious websites and their authoritative name servers respectively. The machines provide a layer of protection to the actual service hosts against blacklisting in order to prolong the active life span of the services. Consequently, the websites in these networks become more harmful than those hosted in normal networks. Aiming to address them, our second proposed approach predicts zero-day phishing hostnames hosted in FFSNs using a novel set of 56 features based on DNS, network and host characteristics of the hosting networks. Our last approach predicts zero-day phishing hostnames hosted in NSIFNs using a novel set of 11 features based on DNS and host characteristics of the hosting networks. The feature set in each approach is evaluated using 11 ML algorithms, achieving a high prediction performance with most of the algorithms. This indicates the relevance and robustness of the feature sets for their respective detection tasks. The feature sets also perform well against data collected over a later time period without retraining the data, indicating their long-term effectiveness in detecting the websites. The approaches use highly diversified feature sets which is expected to enhance the resistance to various detection evasion tactics. The measured prediction times of the first and the third approaches are sufficiently low for potential use for real-time protection of users. This thesis also introduces a multi-class classification technique for evaluating the feature sets in the second and third approaches. The technique predicts each of the hostname types as an independent outcome thus enabling experts to use type-specific measures in taking down the phishing websites. Lastly, highly accurate methods for labelling hostnames based on number of changes of IP addresses of authoritative name servers, monitored over a specific period of time, are proposed