An Exploratory Analysis of the Security Risks of the Internet of Things in Finance

Carlton Shepherd; Fabien Petitcolas; Raja Akram; Konstantinos Markantonakis; Javier Lopez; Simone Fischer-Hübner; Costas Lambrinoudakis

doi:10.1007/978-3-319-64483-7_11

An Exploratory Analysis of the Security Risks of the Internet of Things in Finance

Carlton Shepherd, Fabien Petitcolas, Raja Akram, Konstantinos Markantonakis, Javier Lopez, Simone Fischer-Hübner (Editor), Costas Lambrinoudakis

Computing Science

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

8 Citations (Scopus)

Abstract

The Internet of Things (IoT) is projected to significantly impact consumer finance, through greater customer personalisation, more frictionless payments, and novel pricing schemes. The lack of deployed applications, however, renders it difficult to evaluate potential security risks, which is further complicated by the presence of novel, IoT-specific risks absent in conventional systems. In this work, we present two-part study that uses scenario planning to evaluate emerging risks of IoT in a variety of financial products and services, using ISO/IEC 20005:2008 to assess those risks from related work. Over 1,400 risks were evaluated from a risk assessment with 7 security professionals within the financial industry, which was contrasted with an external survey of 40 professionals within academia and industry. From this, we draw a range of insights to advise future IoT research and decision-making regarding potentially under-appreciated risks. To our knowledge, we provide the first empirical investigation for which threats, vulnerabilities, asset classes and, ultimately, risks may take precedence in this domain.

Original language	English
Title of host publication	14th International Conference on Trust, Privacy & Security in Digital Business
Publisher	Springer Verlag
Pages	164-179
Number of pages	16
ISBN (Print)	978-3-319-64482-0
DOIs	https://doi.org/10.1007/978-3-319-64483-7_11
Publication status	Published - 2017

Publication series

Name	Lecture Notes in Computer Science
Volume	10442

Access to Document

10.1007/978-3-319-64483-7_11

Cite this

Shepherd, C., Petitcolas, F., Akram, R., Markantonakis, K., Lopez, J., Fischer-Hübner, S. (Ed.), & Lambrinoudakis, C. (2017). An Exploratory Analysis of the Security Risks of the Internet of Things in Finance. In 14th International Conference on Trust, Privacy & Security in Digital Business (pp. 164-179). (Lecture Notes in Computer Science; Vol. 10442). Springer Verlag. https://doi.org/10.1007/978-3-319-64483-7_11

An Exploratory Analysis of the Security Risks of the Internet of Things in Finance. / Shepherd, Carlton; Petitcolas, Fabien; Akram, Raja et al.

14th International Conference on Trust, Privacy & Security in Digital Business. Springer Verlag, 2017. p. 164-179 (Lecture Notes in Computer Science; Vol. 10442).

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

Shepherd, C, Petitcolas, F, Akram, R, Markantonakis, K, Lopez, J, Fischer-Hübner, S (ed.) & Lambrinoudakis, C 2017, An Exploratory Analysis of the Security Risks of the Internet of Things in Finance. in 14th International Conference on Trust, Privacy & Security in Digital Business. Lecture Notes in Computer Science, vol. 10442, Springer Verlag, pp. 164-179. https://doi.org/10.1007/978-3-319-64483-7_11

Shepherd C, Petitcolas F, Akram R, Markantonakis K, Lopez J, Fischer-Hübner S, (ed.) et al. An Exploratory Analysis of the Security Risks of the Internet of Things in Finance. In 14th International Conference on Trust, Privacy & Security in Digital Business. Springer Verlag. 2017. p. 164-179. (Lecture Notes in Computer Science). Epub 2017 Jul 27. doi: 10.1007/978-3-319-64483-7_11

@inproceedings{0fdb2a38426e4a6c876edc560f07b23f,

title = "An Exploratory Analysis of the Security Risks of the Internet of Things in Finance",

abstract = "The Internet of Things (IoT) is projected to significantly impact consumer finance, through greater customer personalisation, more frictionless payments, and novel pricing schemes. The lack of deployed applications, however, renders it difficult to evaluate potential security risks, which is further complicated by the presence of novel, IoT-specific risks absent in conventional systems. In this work, we present two-part study that uses scenario planning to evaluate emerging risks of IoT in a variety of financial products and services, using ISO/IEC 20005:2008 to assess those risks from related work. Over 1,400 risks were evaluated from a risk assessment with 7 security professionals within the financial industry, which was contrasted with an external survey of 40 professionals within academia and industry. From this, we draw a range of insights to advise future IoT research and decision-making regarding potentially under-appreciated risks. To our knowledge, we provide the first empirical investigation for which threats, vulnerabilities, asset classes and, ultimately, risks may take precedence in this domain.",

author = "Carlton Shepherd and Fabien Petitcolas and Raja Akram and Konstantinos Markantonakis and Javier Lopez and Simone Fischer-H{\"u}bner and Costas Lambrinoudakis",

note = "Acknowledgements: The authors would like to thank those at Vasco Data Security, who initiated and supported this work; the participants of the user survey for their time and consideration; and the anonymous reviewers who provided their insightful and helpful comments. Carlton Shepherd is supported by the EPSRC and the UK government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1).",

year = "2017",

doi = "10.1007/978-3-319-64483-7_11",

language = "English",

isbn = "978-3-319-64482-0",

series = "Lecture Notes in Computer Science",

publisher = "Springer Verlag",

pages = "164--179",

booktitle = "14th International Conference on Trust, Privacy & Security in Digital Business",

address = "Germany",

}

TY - GEN

T1 - An Exploratory Analysis of the Security Risks of the Internet of Things in Finance

AU - Shepherd, Carlton

AU - Petitcolas, Fabien

AU - Akram, Raja

AU - Markantonakis, Konstantinos

AU - Lopez, Javier

AU - Lambrinoudakis, Costas

A2 - Fischer-Hübner, Simone

N1 - Acknowledgements: The authors would like to thank those at Vasco Data Security, who initiated and supported this work; the participants of the user survey for their time and consideration; and the anonymous reviewers who provided their insightful and helpful comments. Carlton Shepherd is supported by the EPSRC and the UK government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1).

PY - 2017

Y1 - 2017

N2 - The Internet of Things (IoT) is projected to significantly impact consumer finance, through greater customer personalisation, more frictionless payments, and novel pricing schemes. The lack of deployed applications, however, renders it difficult to evaluate potential security risks, which is further complicated by the presence of novel, IoT-specific risks absent in conventional systems. In this work, we present two-part study that uses scenario planning to evaluate emerging risks of IoT in a variety of financial products and services, using ISO/IEC 20005:2008 to assess those risks from related work. Over 1,400 risks were evaluated from a risk assessment with 7 security professionals within the financial industry, which was contrasted with an external survey of 40 professionals within academia and industry. From this, we draw a range of insights to advise future IoT research and decision-making regarding potentially under-appreciated risks. To our knowledge, we provide the first empirical investigation for which threats, vulnerabilities, asset classes and, ultimately, risks may take precedence in this domain.

AB - The Internet of Things (IoT) is projected to significantly impact consumer finance, through greater customer personalisation, more frictionless payments, and novel pricing schemes. The lack of deployed applications, however, renders it difficult to evaluate potential security risks, which is further complicated by the presence of novel, IoT-specific risks absent in conventional systems. In this work, we present two-part study that uses scenario planning to evaluate emerging risks of IoT in a variety of financial products and services, using ISO/IEC 20005:2008 to assess those risks from related work. Over 1,400 risks were evaluated from a risk assessment with 7 security professionals within the financial industry, which was contrasted with an external survey of 40 professionals within academia and industry. From this, we draw a range of insights to advise future IoT research and decision-making regarding potentially under-appreciated risks. To our knowledge, we provide the first empirical investigation for which threats, vulnerabilities, asset classes and, ultimately, risks may take precedence in this domain.

U2 - 10.1007/978-3-319-64483-7_11

DO - 10.1007/978-3-319-64483-7_11

M3 - Published conference contribution

SN - 978-3-319-64482-0

T3 - Lecture Notes in Computer Science

SP - 164

EP - 179

BT - 14th International Conference on Trust, Privacy & Security in Digital Business

PB - Springer Verlag

ER -

An Exploratory Analysis of the Security Risks of the Internet of Things in Finance

Abstract

Publication series

Access to Document

Fingerprint

Cite this