Smart Insiders: Exploring the Threat from Insiders using the Internet−of−Things
Jason R. C. Nurse‚ Arnau Erola‚ Ioannis Agrafiotis‚ Michael Goldsmith and Sadie Creese
The Internet-of-Things (IoT) is set to be one of the most disruptive technology paradigms since the advent of the Internet itself. Market research company Gartner estimates that around 4.9 billion connected things will be in use in 2015, and around 25 billion by 2020. While there are substantial opportunities accompanying IoT, spanning from Healthcare to Energy, there are an equal number of concerns regarding the security and privacy of this plethora of ubiquitous devices. In this position paper we approach security and privacy in IoT from a different perspective to existing research, by considering the impact that IoT may have on the growing problem of insider threat within enterprises. Our specific aim is to explore the extent to which IoT may exacerbate the insider-threat challenge for organisations and overview the range of new and adapted attack vectors. Here, we focus especially on (personal) devices which insiders bring and use within their employer’s enterprise. As a start to addressing these issues, we outline a broad research agenda to encourage further research in this area.