Security should be there by default: Investigating how journalists perceive and respond to risks from the Internet of Things

• URL: http://arxiv.org/abs/2008.04698v1
• Date: Tue, 11 Aug 2020 13:41:22 GMT
• Title: Security should be there by default: Investigating how journalists perceive and respond to risks from the Internet of Things
• Authors: Anjuli R. K. Shere and Jason R. C. Nurse and Ivan Flechais
• Abstract summary: We interviewed 11 journalists and surveyed 5 further journalists. Second, we surveyed 34 cyber security experts to establish if and how lay-people can combat IoT threats. Third, we compared these findings to assess journalists' knowledge of threats.
• Score: 6.18778092044887
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Journalists have long been the targets of both physical and cyber-attacks from well-resourced adversaries. Internet of Things (IoT) devices are arguably a new avenue of threat towards journalists through both targeted and generalised cyber-physical exploitation. This study comprises three parts: First, we interviewed 11 journalists and surveyed 5 further journalists, to determine the extent to which journalists perceive threats through the IoT, particularly via consumer IoT devices. Second, we surveyed 34 cyber security experts to establish if and how lay-people can combat IoT threats. Third, we compared these findings to assess journalists' knowledge of threats, and whether their protective mechanisms would be effective against experts' depictions and predictions of IoT threats. Our results indicate that journalists generally are unaware of IoT-related risks and are not adequately protecting themselves; this considers cases where they possess IoT devices, or where they enter IoT-enabled environments (e.g., at work or home). Expert recommendations spanned both immediate and long-term mitigation methods, including practical actions that are technical and socio-political in nature. However, all proposed individual mitigation methods are likely to be short-term solutions, with 26 of 34 (76.5%) of cyber security experts responding that within the next five years it will not be possible for the public to opt-out of interaction with the IoT.

Related papers

• A Safe Harbor for AI Evaluation and Red Teaming [124.89885800509505]
  Some researchers fear that conducting such research or releasing their findings will result in account suspensions or legal reprisal. We propose that major AI developers commit to providing a legal and technical safe harbor. We believe these commitments are a necessary step towards more inclusive and unimpeded community efforts to tackle the risks of generative AI.
  arXiv  Detail & Related papers  (2024-03-07T20:55:08Z)
• Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
  This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
  arXiv  Detail & Related papers  (2023-12-01T16:10:43Z)
• Trust-based Approaches Towards Enhancing IoT Security: A Systematic Literature Review [3.0969632359049473]
  This research paper presents a systematic literature review on the Trust-based cybersecurity security approaches for IoT. We highlighted the common trust-based mitigation techniques in existence for dealing with these threats. Several open issues were highlighted, and future research directions presented.
  arXiv  Detail & Related papers  (2023-11-20T12:21:35Z)
• Towards more Practical Threat Models in Artificial Intelligence Security [66.67624011455423]
  Recent works have identified a gap between research and practice in artificial intelligence security. We revisit the threat models of the six most studied attacks in AI security research and match them to AI usage in practice.
  arXiv  Detail & Related papers  (2023-11-16T16:09:44Z)
• Critical Analysis and Countermeasures Tactics, Techniques and Procedures (TTPs) that targeting civilians: A case study On Pegasus [0.0]
  This paper investigates the targeting of journalists and activists by the malware Pegasus. Examines the far-reaching consequences of these attacks for cybersecurity policy. Describes some of the most important tactics that businesses may use to reduce the danger of cyberattacks.
  arXiv  Detail & Related papers  (2023-10-01T19:28:03Z)
• On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
  We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors. We present ROAR, a new class of attacks that instantiate a variety of such threats. We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
  arXiv  Detail & Related papers  (2023-05-03T18:47:42Z)
• Threat Modelling in Virtual Assistant Hub Devices Compared With User Risk Perceptions (2021) [0.0]
  This study explores different threat modelling methodologies as applied to the security of virtual assistant hubs in the home. Five approaches (STRIDE, CVSS, Attack Trees, LINDUNN GO, and Quantitative TMM) were compared as these were determined to be either the most prominent or potentially applicable to an IoT context. Key findings suggest that a combination of STRIDE and LINDUNN GO is optimal for elucidating threats under the pressures of a tight industry deadline cycle.
  arXiv  Detail & Related papers  (2023-01-30T10:36:04Z)
• Trust-Awareness to Secure Swarm Intelligence from Data Injection Attack [5.824096823117585]
  swarm intelligence (SI) is envisaged to play an important role in future industrial Internet of Things (IIoT) that is shaped by Sixth Generation (6G) mobile communications and digital twin (DT) However, its fragility against data injection attack may halt it from practical deployment. In this paper we propose an efficient trust approach to address this security concern for SI.
  arXiv  Detail & Related papers  (2022-10-27T13:37:50Z)
• Proceedings of the Artificial Intelligence for Cyber Security (AICS) Workshop at AAAI 2022 [55.573187938617636]
  The workshop will focus on the application of AI to problems in cyber security. Cyber systems generate large volumes of data, utilizing this effectively is beyond human capabilities.
  arXiv  Detail & Related papers  (2022-02-28T18:27:41Z)
• 'They're all about pushing the products and shiny things rather than fundamental security' Mapping Socio-technical Challenges in Securing the Smart Home [1.52292571922932]
  Insecure connected devices can cause serious threats not just to smart home owners, but also the underlying infrastructural network as well. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of Internet of Things (IoT) vendors and that of end-users. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products usably secure.
  arXiv  Detail & Related papers  (2021-05-25T08:38:36Z)
• Smart Home, security concerns of IoT [91.3755431537592]
  The IoT (Internet of Things) has become widely popular in the domestic environments. People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed. Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
  arXiv  Detail & Related papers  (2020-07-06T10:36:11Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.