3 research outputs found
Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices
IoT devices are present in many, especially corporate and sensitive, networks
and regularly introduce security risks due to slow vendor responses to
vulnerabilities and high difficulty of patching. In this paper, we want to
evaluate to what extent the development of future risk of IoT devices due to
new and unpatched vulnerabilities can be predicted based on historic
information. For this analysis, we build on existing prediction algorithms
available in the SAFER framework (prophet and ARIMA) which we evaluate by means
of a large data-set of vulnerabilities and patches from 793 IoT devices. Our
analysis shows that the SAFER framework can predict a correct future risk for
91% of the devices, demonstrating its applicability. We conclude that this
approach is a reliable means for network operators to efficiently detect and
act on risks emanating from IoT devices in their networks.Comment: accepted at ESORICS STM22 worksho
Recommended from our members
How secure is home: assessing human susceptibility to IoT threats
The use of Internet of Things (IoT) devices within the home has become more popular in recent years and with the COVID-19 pandemic more employees are working from home. Risk management has become decentralised, which is problematic for organisations since potential risks towards the company can not be controlled in a standardised and formal way. On the other side, users are suffering from smart home attacks due to the nature of IoT such as its heterogeneity and non-standardised architecture. However, the behaviour and attitudes of the user can dictate the increase or decrease of risk and possible losses due to the end user’s responsibility within the IoT life cycle. In this paper, we suggest that a user’s behaviour and attitude towards IoT devices within the smart home is imperative when designing a risk model for the home. We then consider the human element in the risk assessment process in IoT. We present a Smart Home Behaviour and Attitude Risk Model (SH-BARM) to discuss the importance of human behaviour and attitudes within the home and propose a solution to that will aid smart home inhabitants and organisations
Recommended from our members
A survey on cyber risk management for the Internet of Things
The Internet of Things (IoT) continues to grow at a rapid pace, becoming integrated into the daily operations of individuals and organisations. IoT systems automate crucial services within daily life that users may rely on, which makes the assurance of security towards entities such as devices and information even more significant. In this paper, we present a comprehensive survey of papers that model cyber risk management processes within the context of IoT, and provide recommendations for further work. Using 39 collected papers, we studied IoT cyber risk management frameworks against four research questions that delve into cyber risk management concepts and human-orientated vulnerabilities. The importance of this work being human-driven is to better understand how individuals can affect risk and the ways that humans can be impacted by attacks within different IoT domains. Through the analysis, we identified open areas for future research and ideas that researchers should consider